Ransomware is a type of malicious software designed for disabling access to a user’s computer system, effectively holding it “ransom,” until a predetermined sum of money is paid. Ransomware may be presented to a user by an infected browser popup or visiting a compromised website. Often ransomware victims are demanded to pay through an anonymous Internet-based currency like Bitcoin. Generally, victims of ransomware do not share a common demographic or set of characteristics. Anyone who browses the open Web without the proper safeguards in place or neglects to abide by common sense security practices are vulnerable to the effects of this malign software.
Variations and History
Ransomware can vary in sophistication and implementation but is usually developed to proliferate automatically and penetrate otherwise secure systems by a trojan-like method of attack. The result of a combination of insufficient browser security, a deficient firewall configuration, or general carelessness in the online environment, the end result is the same: temporary re-appropriation of your data via an encryption barrier or restricted access through the display of spam (i.e., pornographic images) until such a time that the user submits and pays a fee for liberating their system of the nefarious software.
The first type of ransomware to hit the Web appeared in 1989 with the "AIDS" trojan (also known as "PC Cyborg"). Following a similar approach of current malware of this type, an alert would be issued that a software license had expired on the user's system and the hard disk would be immediately locked down -- encrypted and rendered inaccessible -- until a money transfer was completed. Still in its infancy at this point, exploiting the gullible and unknowledgeable was clearly a monetary opportunity for those with the necessary programming skills and flexible moral standards for developing robust ransomware exploits.
Significantly more computationally advanced forms of extortionate ransomware appeared five to six years into the first decade of the twentieth century. With comparatively stronger cryptologic encoding than previous versions, workarounds and fail-safes effectively disappeared. The evolution of Web 2.0, social media platforms, and elevated sharing of online content (files, links, e-mail, etc.) resulted in the more prolific appearance and diffusion of ransomware throughout the wider Internet.
As an alternate class of ransomware, the non-encrypting variety does not assert control over file privileges, but rather forcefully exposes the infected system, and thus the user, to a barrage of unsolicited spam, mostly in the form of crude pornographic images. Appearing a number of years after the first encrypting versions of ransomware hit the Web, the non-encrypting variants also sought to take advantage of unsuspecting and innocent victims who contracted the software trojan through irresponsible browsing habits or subpar digital safeguards. As mentioned above for encrypting ransomware, the only advertised solution for cleansing a computer system of such malware is by paying the specified sum of money. Though this might outwardly appear to be a simple, although costly quick-fix, experts suggest not relinquishing any funds despite the appeal and promise of having your system restored to its previous working order. Often times, despite the pledge by the software to do just that, no steps will be taken to return it to its earlier state.
Ethical discussion surrounding the creation, distribution, and ramifications of ransomware is laden with a healthy quantity of mostly one-sided opinion. As the contraction of this malware is unsuspected and without clear warning -- a purposeful and subversive attack on a system and user for purely monetary gain -- many people make quick work of resolving the development of such hostile software and its harmful intents to be ethically unconscionable.
Arising from the notion of performing unauthorized actions on users' personal data without their consent is the argument of unsanctioned file manipulation. Carefully designed and executed software hacking can permit illegitimate and unconventional access to others' property. Regardless of the potential ignorance on behalf of the user or the ethical frameworks cited, the immediate reaction by the majority when confronted with this issue is one of disgust and disdain. Consequently, a conviction consistent with prevailing common law (i.e., do not take what is not yours, respect others' privacy, etc.) is exercised by most when invited to address such a problem.
Law and Ethics
The confluence of the legal aspects of computing and the ethical issues revealed by disclosive practices is occurring more frequently than ever before. As many digital behaviors possess borderline issues of legal concern, considerations for the commensurate enforcement of violations that transpire within this domain is a relevant matter for both legislators and the public at large. As laws are a product of the legislature, which is responsible for developing and revising public policy, there are subtle yet direct ethical influences that result from this human involvement insofar as the moral opinion and mental-emotional tendencies between individuals continues to naturally, albeit predictably vary.
- (2010). ransomware. In Stevenson, A. & Lindberg, C. (Eds.), New Oxford American Dictionary: Oxford University Press. Retrieved 24 Apr. 2016, from http://www.oxfordreference.com.proxy.lib.umich.edu/view/10.1093/acref/9780195392883.001.0001/m_en_us1444048
- Boatman, Kim. Your Security Resource: Beware the Rise of Ransomware. Norton by Symantec. (n.d.). Retrieved 25 Apr. 2016, from https://us.norton.com/yoursecurityresource/detail.jsp?aid=rise_in_ransomware
- Wikipedia: Ransomware - Encrypting ransomware https://en.wikipedia.org/wiki/Ransomware#Encrypting_ransomware