Recent years have seen the internet swarmed with more than 50 variants of ransomware with names like Locky, KeRanger, Cryptolocker, CryptoWall and TeslaCrypt. Initially targeting consumers, these scripts increasingly target victims with highly sensitive, high-value data such as healthcare, banking, legal and finance organizations. Once activated by an unwitting user, the ransomware calls home to a command-and-control server to acquire a unique, randomly created AES encryption key, then applies it to critical files found on local, network and cloud-connected drives. At that point, this data is entirely under the control of the hacker, who demands the prompt payment of a ransom to recover it or prevent its disclosure. This amount may range from hundreds of dollars for individual consumers to many thousands for a business. Payments are often demanded in Bitcoin, further complicating a business response.