Recent years have seen the internet swarmed with more
than 50 variants of ransomware with names like Locky,
KeRanger, Cryptolocker, CryptoWall and TeslaCrypt.
Initially targeting consumers, these scripts increasingly
target victims with highly sensitive, high-value data such
as healthcare, banking, legal and finance organizations.
Once activated by an unwitting user, the ransomware
calls home to a command-and-control server to acquire
a unique, randomly created AES encryption key, then
applies it to critical files found on local, network and
cloud-connected drives. At that point, this data is
entirely under the control of the hacker, who demands
the prompt payment of a ransom to recover it or prevent
its disclosure. This amount may range from hundreds of
dollars for individual consumers to many thousands for
a business. Payments are often demanded in Bitcoin,
further complicating a business response.