Ransomware: beware of extortion software

Designed to encrypt the data on your devices and blackmail you into paying a ransom

Ransomware refers to a type of malware that restricts or prohibits access to data and systems, before a ransom is demanded for their release. This kind of malware either blocks access to the system altogether or it encrypts certain user data. Ransomware directed at Windows computers is a particularly widespread problem, although any system could be infected with ransomware in principle.

"REvil" ransomware gang blackmails hundreds of firms

In the latest ransomware attack on American IT service provider Kaseya, cyber criminals targeted hundreds of firms simultaneously. The REvil hackers exploited a vulnerability to paralyse Kaseya's customers with an encryption trojan. They blocked access to systems so they could then blackmail the customers into paying large ransoms. This precipitated a domino effect, since the IT service provider's customers included many other IT companies across the world, which had their own large customer networks in turn. There were huge consequences for a Swedish supermarket chain's cash register systems, for example – although German firms were affected too. So far, private users have not been the victims of these extortion attacks; however, new catalysts and methods of propagation cannot be ruled out.

This incident shows just how open to attack a networked IT infrastructure can be if it has a vulnerability, and how far-reaching, potentially global, the consequences may be. If we consider ransomware in terms of the risk it poses to the systems run by private users, there are four key tips to follow:

1. Perform regular security updates (automatically, where possible) on all devices.
2. Enable virus protection programs.
3. Do not open any e-mails from unknown or disreputable senders.
4. Perform regular backups to an external location.

This type of digital extortion is not a new phenomenon. The first versions of ransomware appeared right back before the turn of the millennium. Then from 2006 on, we started to see more and more ransomware attacks against Windows systems. In these attacks, the malware would compress all of a PC's data into a password-protected ZIP archive, for example, and demand money in exchange for the password.

Reveton, a notorious family of ransomware, followed four years later. This malware displayed a warning on the user's desktop PC claiming the computer had been locked as part of an investigation by the police or customs agencies, for instance, and would only be released on payment of a "fine". To convince victims that their system had been locked by a genuine agency, the attackers used the logos and names of a variety of governmental bodies. That is why this ransomware was known colloquially as the FBI, BSI or Police Trojan.

In 2005, CryptoLocker became the first widespread ransomware with an encryption functionality. This malware employed a cryptographic procedure to encrypt a certain type of user data – and not just on local hard disks, but on connected network drives too.

Today's ransomware attacks usually demand the ransom in a virtual currency like Bitcoin – although payment is by no means a guarantee that encrypted data or locked systems will be released. Instead, the BSI recommends that anyone affected should report such an attack to the police without delay. Creating regular backups of your data, which is good general advice in any case, is an effective protection against the consequences of ransomware: if you do fall victim to an attack, you can restore your data from the backup without paying any ransom.

WannaCry: Several hundred thousand Windows systems affected worldwide

One of the largest waves of ransomware attacks ever seen hit the headlines in May 2017: in just three days, the WannaCry malware encrypted data on more than 200,000 Windows computers in over 150 countries. It is suspected that the program infected several million computers in total. However, analysts quickly triggered a function built into the malware that halted it, which meant no damage could be caused on many of those machines.

Despite what the frequently used expression "extortion trojan" may suggest, WannaCry was actually a worm, which spread to Windows computers automatically without users doing a thing. As such, it blurred the lines between extortion software (ransomware) and a "classic" worm.

WannaCry's infection mechanism exploited a vulnerability in the Windows operating system, for which Microsoft had provided a software patch a full eight weeks before the outbreak of the epidemic. In other words, if this security update had been installed promptly, a huge number of WannaCry infections and all the associated losses could have been avoided.