CINXE.COM

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Ransomware - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"9f73b82a-c324-4ace-9aed-1cc7dc5df706","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Ransomware","wgTitle":"Ransomware","wgCurRevisionId":1275355444,"wgRevisionId":1275355444,"wgArticleId":1906321,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["CS1 maint: multiple names: authors list","Articles with short description","Short description is different from Wikidata","Use dmy dates from May 2016","All articles with vague or ambiguous time","Vague or ambiguous time from August 2023","Vague or ambiguous time from July 2021","Articles containing potentially dated statements from 2023","All articles containing potentially dated statements","All articles that may contain original research", "Articles that may contain original research from June 2017","All articles lacking reliable references","Articles lacking reliable references from February 2025","Articles to be expanded from February 2025","All articles to be expanded","Pages displaying short descriptions of redirect targets via Module:Annotated link","Pages displaying wikidata descriptions as a fallback via Module:Annotated link","Articles prone to spam from May 2016","Commons category link from Wikidata","Good articles","Ransomware","Types of malware","Security breaches"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Ransomware","wgRelevantArticleId":1906321,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true ,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":100000,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q926331","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready", "skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","mediawiki.page.media","site","mediawiki.page.ready","jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints", "ext.growthExperiments.SuggestedEditSession"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.15"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Ransomware - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Ransomware"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Ransomware&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Ransomware"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Ransomware rootpage-Ransomware skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" title="Main menu" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Main menu </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z">Main page</a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia">Contents</a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events">Current events</a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x">Random article</a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works">About Wikipedia</a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia">Contact us</a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia">Help</a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia">Learn to edit</a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors">Community portal</a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r">Recent changes</a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia">Upload file</a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"> Search </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Appearance </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia.org&uselang=en" class="">Donate</a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Ransomware" title="You are encouraged to create an account and log in; however, it is not mandatory" class="">Create account</a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Ransomware" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class="">Log in</a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Personal tools </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia.org&uselang=en">Donate</a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Ransomware" title="You are encouraged to create an account and log in; however, it is not mandatory"> Create account</a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Ransomware" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"> Log in</a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing">learn more</a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y">Contributions</a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n">Talk</a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-Operation" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Operation"> <div class="vector-toc-text"> 1 Operation </div> </a> <ul id="toc-Operation-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-History" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#History"> <div class="vector-toc-text"> 2 History </div> </a> <button aria-controls="toc-History-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle History subsection </button> <ul id="toc-History-sublist" class="vector-toc-list"> <li id="toc-Encrypting_ransomware" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Encrypting_ransomware"> <div class="vector-toc-text"> 2.1 Encrypting ransomware </div> </a> <ul id="toc-Encrypting_ransomware-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Non-encrypting_ransomware" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Non-encrypting_ransomware"> <div class="vector-toc-text"> 2.2 Non-encrypting ransomware </div> </a> <ul id="toc-Non-encrypting_ransomware-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Exfiltration_(Leakware_/_Doxware)" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Exfiltration_(Leakware_/_Doxware)"> <div class="vector-toc-text"> 2.3 Exfiltration (Leakware / Doxware) </div> </a> <ul id="toc-Exfiltration_(Leakware_/_Doxware)-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Mobile_ransomware" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Mobile_ransomware"> <div class="vector-toc-text"> 2.4 Mobile ransomware </div> </a> <ul id="toc-Mobile_ransomware-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Progression_of_attacks" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Progression_of_attacks"> <div class="vector-toc-text"> 2.5 Progression of attacks </div> </a> <ul id="toc-Progression_of_attacks-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Notable_attack_targets" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Notable_attack_targets"> <div class="vector-toc-text"> 3 Notable attack targets </div> </a> <ul id="toc-Notable_attack_targets-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Notable_software_packages" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Notable_software_packages"> <div class="vector-toc-text"> 4 Notable software packages </div> </a> <button aria-controls="toc-Notable_software_packages-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Notable software packages subsection </button> <ul id="toc-Notable_software_packages-sublist" class="vector-toc-list"> <li id="toc-Reveton" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Reveton"> <div class="vector-toc-text"> 4.1 Reveton </div> </a> <ul id="toc-Reveton-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-CryptoLocker" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#CryptoLocker"> <div class="vector-toc-text"> 4.2 CryptoLocker </div> </a> <ul id="toc-CryptoLocker-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-CryptoLocker.F_and_TorrentLocker" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#CryptoLocker.F_and_TorrentLocker"> <div class="vector-toc-text"> 4.3 CryptoLocker.F and TorrentLocker </div> </a> <ul id="toc-CryptoLocker.F_and_TorrentLocker-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-CryptoWall" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#CryptoWall"> <div class="vector-toc-text"> 4.4 CryptoWall </div> </a> <ul id="toc-CryptoWall-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Fusob" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Fusob"> <div class="vector-toc-text"> 4.5 Fusob </div> </a> <ul id="toc-Fusob-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-WannaCry" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#WannaCry"> <div class="vector-toc-text"> 4.6 WannaCry </div> </a> <ul id="toc-WannaCry-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Petya" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Petya"> <div class="vector-toc-text"> 4.7 Petya </div> </a> <ul id="toc-Petya-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Bad_Rabbit" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Bad_Rabbit"> <div class="vector-toc-text"> 4.8 Bad Rabbit </div> </a> <ul id="toc-Bad_Rabbit-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-SamSam" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#SamSam"> <div class="vector-toc-text"> 4.9 SamSam </div> </a> <ul id="toc-SamSam-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-DarkSide" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#DarkSide"> <div class="vector-toc-text"> 4.10 DarkSide </div> </a> <ul id="toc-DarkSide-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Syskey" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Syskey"> <div class="vector-toc-text"> 4.11 Syskey </div> </a> <ul id="toc-Syskey-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Ransomware-as-a-service" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Ransomware-as-a-service"> <div class="vector-toc-text"> 4.12 Ransomware-as-a-service </div> </a> <ul id="toc-Ransomware-as-a-service-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Mitigation" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Mitigation"> <div class="vector-toc-text"> 5 Mitigation </div> </a> <button aria-controls="toc-Mitigation-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Mitigation subsection </button> <ul id="toc-Mitigation-sublist" class="vector-toc-list"> <li id="toc-File_system_defenses_against_ransomware" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#File_system_defenses_against_ransomware"> <div class="vector-toc-text"> 5.1 File system defenses against ransomware </div> </a> <ul id="toc-File_system_defenses_against_ransomware-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-File_decryption_and_recovery" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#File_decryption_and_recovery"> <div class="vector-toc-text"> 5.2 File decryption and recovery </div> </a> <ul id="toc-File_decryption_and_recovery-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Criminal_arrests_and_convictions" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Criminal_arrests_and_convictions"> <div class="vector-toc-text"> 6 Criminal arrests and convictions </div> </a> <button aria-controls="toc-Criminal_arrests_and_convictions-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Criminal arrests and convictions subsection </button> <ul id="toc-Criminal_arrests_and_convictions-sublist" class="vector-toc-list"> <li id="toc-Zain_Qaiser" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Zain_Qaiser"> <div class="vector-toc-text"> 6.1 Zain Qaiser </div> </a> <ul id="toc-Zain_Qaiser-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Legal_aspects" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Legal_aspects"> <div class="vector-toc-text"> 7 Legal aspects </div> </a> <ul id="toc-Legal_aspects-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> 8 See also </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> 9 References </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Further_reading" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Further_reading"> <div class="vector-toc-text"> 10 Further reading </div> </a> <ul id="toc-Further_reading-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-External_links" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#External_links"> <div class="vector-toc-text"> 11 External links </div> </a> <ul id="toc-External_links-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" title="Table of Contents" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Toggle the table of contents </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading">Ransomware</h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 60 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-60" aria-hidden="true" > 60 languages </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-af mw-list-item"><a href="https://af.wikipedia.org/wiki/Losprysware" title="Losprysware – Afrikaans" lang="af" hreflang="af" data-title="Losprysware" data-language-autonym="Afrikaans" data-language-local-name="Afrikaans" class="interlanguage-link-target">Afrikaans</a></li><li class="interlanguage-link interwiki-ar mw-list-item"><a href="https://ar.wikipedia.org/wiki/%D8%A8%D8%B1%D9%85%D8%AC%D9%8A%D8%A9_%D9%81%D8%AF%D9%8A%D8%A9" title="برمجية فدية – Arabic" lang="ar" hreflang="ar" data-title="برمجية فدية" data-language-autonym="العربية" data-language-local-name="Arabic" class="interlanguage-link-target">العربية</a></li><li class="interlanguage-link interwiki-az mw-list-item"><a href="https://az.wikipedia.org/wiki/Ransomware" title="Ransomware – Azerbaijani" lang="az" hreflang="az" data-title="Ransomware" data-language-autonym="Azərbaycanca" data-language-local-name="Azerbaijani" class="interlanguage-link-target">Azərbaycanca</a></li><li class="interlanguage-link interwiki-bn mw-list-item"><a href="https://bn.wikipedia.org/wiki/%E0%A6%B0%E2%80%8D%E0%A7%8D%E0%A6%AF%E0%A6%BE%E0%A6%A8%E0%A6%B8%E0%A6%AE%E0%A6%93%E0%A6%AF%E0%A6%BC%E0%A7%8D%E0%A6%AF%E0%A6%BE%E0%A6%B0" title="র‍্যানসমওয়্যার – Bangla" lang="bn" hreflang="bn" data-title="র‍্যানসমওয়্যার" data-language-autonym="বাংলা" data-language-local-name="Bangla" class="interlanguage-link-target">বাংলা</a></li><li class="interlanguage-link interwiki-bh mw-list-item"><a href="https://bh.wikipedia.org/wiki/%E0%A4%B0%E0%A5%88%E0%A4%A8%E0%A4%B8%E0%A4%AE%E0%A4%B5%E0%A5%87%E0%A4%AF%E0%A4%B0" title="रैनसमवेयर – Bhojpuri" lang="bh" hreflang="bh" data-title="रैनसमवेयर" data-language-autonym="भोजपुरी" data-language-local-name="Bhojpuri" class="interlanguage-link-target">भोजपुरी</a></li><li class="interlanguage-link interwiki-bg mw-list-item"><a href="https://bg.wikipedia.org/wiki/%D0%A0%D0%B0%D0%BD%D1%81%D1%8A%D0%BC%D1%83%D0%B5%D1%80" title="Рансъмуер – Bulgarian" lang="bg" hreflang="bg" data-title="Рансъмуер" data-language-autonym="Български" data-language-local-name="Bulgarian" class="interlanguage-link-target">Български</a></li><li class="interlanguage-link interwiki-bs mw-list-item"><a href="https://bs.wikipedia.org/wiki/Ucjenjiva%C4%8Dki_softver" title="Ucjenjivački softver – Bosnian" lang="bs" hreflang="bs" data-title="Ucjenjivački softver" data-language-autonym="Bosanski" data-language-local-name="Bosnian" class="interlanguage-link-target">Bosanski</a></li><li class="interlanguage-link interwiki-br mw-list-item"><a href="https://br.wikipedia.org/wiki/Ransomware" title="Ransomware – Breton" lang="br" hreflang="br" data-title="Ransomware" data-language-autonym="Brezhoneg" data-language-local-name="Breton" class="interlanguage-link-target">Brezhoneg</a></li><li class="interlanguage-link interwiki-ca mw-list-item"><a href="https://ca.wikipedia.org/wiki/Ransomware" title="Ransomware – Catalan" lang="ca" hreflang="ca" data-title="Ransomware" data-language-autonym="Català" data-language-local-name="Catalan" class="interlanguage-link-target">Català</a></li><li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Ransomware" title="Ransomware – Czech" lang="cs" hreflang="cs" data-title="Ransomware" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target">Čeština</a></li><li class="interlanguage-link interwiki-da mw-list-item"><a href="https://da.wikipedia.org/wiki/Ransomware" title="Ransomware – Danish" lang="da" hreflang="da" data-title="Ransomware" data-language-autonym="Dansk" data-language-local-name="Danish" class="interlanguage-link-target">Dansk</a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Ransomware" title="Ransomware – German" lang="de" hreflang="de" data-title="Ransomware" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target">Deutsch</a></li><li class="interlanguage-link interwiki-et mw-list-item"><a href="https://et.wikipedia.org/wiki/Lunavara" title="Lunavara – Estonian" lang="et" hreflang="et" data-title="Lunavara" data-language-autonym="Eesti" data-language-local-name="Estonian" class="interlanguage-link-target">Eesti</a></li><li class="interlanguage-link interwiki-el mw-list-item"><a href="https://el.wikipedia.org/wiki/Ransomware" title="Ransomware – Greek" lang="el" hreflang="el" data-title="Ransomware" data-language-autonym="Ελληνικά" data-language-local-name="Greek" class="interlanguage-link-target">Ελληνικά</a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Ransomware" title="Ransomware – Spanish" lang="es" hreflang="es" data-title="Ransomware" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target">Español</a></li><li class="interlanguage-link interwiki-eu mw-list-item"><a href="https://eu.wikipedia.org/wiki/Ransomware" title="Ransomware – Basque" lang="eu" hreflang="eu" data-title="Ransomware" data-language-autonym="Euskara" data-language-local-name="Basque" class="interlanguage-link-target">Euskara</a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D8%A8%D8%A7%D8%AC%E2%80%8C%D8%A7%D9%81%D8%B2%D8%A7%D8%B1" title="باج‌افزار – Persian" lang="fa" hreflang="fa" data-title="باج‌افزار" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target">فارسی</a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Ran%C3%A7ongiciel" title="Rançongiciel – French" lang="fr" hreflang="fr" data-title="Rançongiciel" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target">Français</a></li><li class="interlanguage-link interwiki-gl mw-list-item"><a href="https://gl.wikipedia.org/wiki/Ransomware" title="Ransomware – Galician" lang="gl" hreflang="gl" data-title="Ransomware" data-language-autonym="Galego" data-language-local-name="Galician" class="interlanguage-link-target">Galego</a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%EB%9E%9C%EC%84%AC%EC%9B%A8%EC%96%B4" title="랜섬웨어 – Korean" lang="ko" hreflang="ko" data-title="랜섬웨어" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target">한국어</a></li><li class="interlanguage-link interwiki-hy mw-list-item"><a href="https://hy.wikipedia.org/wiki/Ransomware" title="Ransomware – Armenian" lang="hy" hreflang="hy" data-title="Ransomware" data-language-autonym="Հայերեն" data-language-local-name="Armenian" class="interlanguage-link-target">Հայերեն</a></li><li class="interlanguage-link interwiki-hi mw-list-item"><a href="https://hi.wikipedia.org/wiki/%E0%A4%B0%E0%A5%88%E0%A4%A8%E0%A4%B8%E0%A4%AE%E0%A4%B5%E0%A5%87%E0%A4%AF%E0%A4%B0" title="रैनसमवेयर – Hindi" lang="hi" hreflang="hi" data-title="रैनसमवेयर" data-language-autonym="हिन्दी" data-language-local-name="Hindi" class="interlanguage-link-target">हिन्दी</a></li><li class="interlanguage-link interwiki-hr mw-list-item"><a href="https://hr.wikipedia.org/wiki/Ransomware" title="Ransomware – Croatian" lang="hr" hreflang="hr" data-title="Ransomware" data-language-autonym="Hrvatski" data-language-local-name="Croatian" class="interlanguage-link-target">Hrvatski</a></li><li class="interlanguage-link interwiki-io mw-list-item"><a href="https://io.wikipedia.org/wiki/Extorsala_programaro" title="Extorsala programaro – Ido" lang="io" hreflang="io" data-title="Extorsala programaro" data-language-autonym="Ido" data-language-local-name="Ido" class="interlanguage-link-target">Ido</a></li><li class="interlanguage-link interwiki-id mw-list-item"><a href="https://id.wikipedia.org/wiki/Perangkat_pemeras" title="Perangkat pemeras – Indonesian" lang="id" hreflang="id" data-title="Perangkat pemeras" data-language-autonym="Bahasa Indonesia" data-language-local-name="Indonesian" class="interlanguage-link-target">Bahasa Indonesia</a></li><li class="interlanguage-link interwiki-ia mw-list-item"><a href="https://ia.wikipedia.org/wiki/Programmario_redemptive" title="Programmario redemptive – Interlingua" lang="ia" hreflang="ia" data-title="Programmario redemptive" data-language-autonym="Interlingua" data-language-local-name="Interlingua" class="interlanguage-link-target">Interlingua</a></li><li class="interlanguage-link interwiki-is mw-list-item"><a href="https://is.wikipedia.org/wiki/Gagnag%C3%ADslataka" title="Gagnagíslataka – Icelandic" lang="is" hreflang="is" data-title="Gagnagíslataka" data-language-autonym="Íslenska" data-language-local-name="Icelandic" class="interlanguage-link-target">Íslenska</a></li><li class="interlanguage-link interwiki-it mw-list-item"><a href="https://it.wikipedia.org/wiki/Ransomware" title="Ransomware – Italian" lang="it" hreflang="it" data-title="Ransomware" data-language-autonym="Italiano" data-language-local-name="Italian" class="interlanguage-link-target">Italiano</a></li><li class="interlanguage-link interwiki-he mw-list-item"><a href="https://he.wikipedia.org/wiki/%D7%9B%D7%95%D7%A4%D7%A8%D7%94" title="כופרה – Hebrew" lang="he" hreflang="he" data-title="כופרה" data-language-autonym="עברית" data-language-local-name="Hebrew" class="interlanguage-link-target">עברית</a></li><li class="interlanguage-link interwiki-jv mw-list-item"><a href="https://jv.wikipedia.org/wiki/Ransomware" title="Ransomware – Javanese" lang="jv" hreflang="jv" data-title="Ransomware" data-language-autonym="Jawa" data-language-local-name="Javanese" class="interlanguage-link-target">Jawa</a></li><li class="interlanguage-link interwiki-sw mw-list-item"><a href="https://sw.wikipedia.org/wiki/Programufidia" title="Programufidia – Swahili" lang="sw" hreflang="sw" data-title="Programufidia" data-language-autonym="Kiswahili" data-language-local-name="Swahili" class="interlanguage-link-target">Kiswahili</a></li><li class="interlanguage-link interwiki-lv mw-list-item"><a href="https://lv.wikipedia.org/wiki/Izspied%C4%93jprogrammat%C5%ABra" title="Izspiedējprogrammatūra – Latvian" lang="lv" hreflang="lv" data-title="Izspiedējprogrammatūra" data-language-autonym="Latviešu" data-language-local-name="Latvian" class="interlanguage-link-target">Latviešu</a></li><li class="interlanguage-link interwiki-lmo mw-list-item"><a href="https://lmo.wikipedia.org/wiki/Ransomware" title="Ransomware – Lombard" lang="lmo" hreflang="lmo" data-title="Ransomware" data-language-autonym="Lombard" data-language-local-name="Lombard" class="interlanguage-link-target">Lombard</a></li><li class="interlanguage-link interwiki-hu mw-list-item"><a href="https://hu.wikipedia.org/wiki/Zsarol%C3%B3program" title="Zsarolóprogram – Hungarian" lang="hu" hreflang="hu" data-title="Zsarolóprogram" data-language-autonym="Magyar" data-language-local-name="Hungarian" class="interlanguage-link-target">Magyar</a></li><li class="interlanguage-link interwiki-ml mw-list-item"><a href="https://ml.wikipedia.org/wiki/%E0%B4%B1%E0%B4%BE%E0%B4%82%E0%B4%B8%E0%B4%82%E0%B4%B5%E0%B5%86%E0%B4%AF%E0%B5%BC" title="റാംസംവെയർ – Malayalam" lang="ml" hreflang="ml" data-title="റാംസംവെയർ" data-language-autonym="മലയാളം" data-language-local-name="Malayalam" class="interlanguage-link-target">മലയാളം</a></li><li class="interlanguage-link interwiki-ms mw-list-item"><a href="https://ms.wikipedia.org/wiki/Perisian_tebusan" title="Perisian tebusan – Malay" lang="ms" hreflang="ms" data-title="Perisian tebusan" data-language-autonym="Bahasa Melayu" data-language-local-name="Malay" class="interlanguage-link-target">Bahasa Melayu</a></li><li class="interlanguage-link interwiki-mn mw-list-item"><a href="https://mn.wikipedia.org/wiki/Ransomware" title="Ransomware – Mongolian" lang="mn" hreflang="mn" data-title="Ransomware" data-language-autonym="Монгол" data-language-local-name="Mongolian" class="interlanguage-link-target">Монгол</a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Ransomware" title="Ransomware – Dutch" lang="nl" hreflang="nl" data-title="Ransomware" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target">Nederlands</a></li><li class="interlanguage-link interwiki-ne mw-list-item"><a href="https://ne.wikipedia.org/wiki/%E0%A4%B0%E0%A5%8D%E2%80%8D%E0%A4%AF%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%B8%E0%A4%AE%E0%A4%B5%E0%A5%87%E0%A4%AF%E0%A4%B0" title="र्‍यान्समवेयर – Nepali" lang="ne" hreflang="ne" data-title="र्‍यान्समवेयर" data-language-autonym="नेपाली" data-language-local-name="Nepali" class="interlanguage-link-target">नेपाली</a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2" title="ランサムウェア – Japanese" lang="ja" hreflang="ja" data-title="ランサムウェア" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target">日本語</a></li><li class="interlanguage-link interwiki-no mw-list-item"><a href="https://no.wikipedia.org/wiki/L%C3%B8sepengevirus" title="Løsepengevirus – Norwegian Bokmål" lang="nb" hreflang="nb" data-title="Løsepengevirus" data-language-autonym="Norsk bokmål" data-language-local-name="Norwegian Bokmål" class="interlanguage-link-target">Norsk bokmål</a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Ransomware" title="Ransomware – Polish" lang="pl" hreflang="pl" data-title="Ransomware" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target">Polski</a></li><li class="interlanguage-link interwiki-pt mw-list-item"><a href="https://pt.wikipedia.org/wiki/Ransomware" title="Ransomware – Portuguese" lang="pt" hreflang="pt" data-title="Ransomware" data-language-autonym="Português" data-language-local-name="Portuguese" class="interlanguage-link-target">Português</a></li><li class="interlanguage-link interwiki-ro mw-list-item"><a href="https://ro.wikipedia.org/wiki/Ransomware" title="Ransomware – Romanian" lang="ro" hreflang="ro" data-title="Ransomware" data-language-autonym="Română" data-language-local-name="Romanian" class="interlanguage-link-target">Română</a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D0%B0-%D0%B2%D1%8B%D0%BC%D0%BE%D0%B3%D0%B0%D1%82%D0%B5%D0%BB%D1%8C" title="Программа-вымогатель – Russian" lang="ru" hreflang="ru" data-title="Программа-вымогатель" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target">Русский</a></li><li class="interlanguage-link interwiki-simple mw-list-item"><a href="https://simple.wikipedia.org/wiki/Ransomware" title="Ransomware – Simple English" lang="en-simple" hreflang="en-simple" data-title="Ransomware" data-language-autonym="Simple English" data-language-local-name="Simple English" class="interlanguage-link-target">Simple English</a></li><li class="interlanguage-link interwiki-sk mw-list-item"><a href="https://sk.wikipedia.org/wiki/Ransomware" title="Ransomware – Slovak" lang="sk" hreflang="sk" data-title="Ransomware" data-language-autonym="Slovenčina" data-language-local-name="Slovak" class="interlanguage-link-target">Slovenčina</a></li><li class="interlanguage-link interwiki-sl mw-list-item"><a href="https://sl.wikipedia.org/wiki/Izsiljevalsko_programje" title="Izsiljevalsko programje – Slovenian" lang="sl" hreflang="sl" data-title="Izsiljevalsko programje" data-language-autonym="Slovenščina" data-language-local-name="Slovenian" class="interlanguage-link-target">Slovenščina</a></li><li class="interlanguage-link interwiki-ckb mw-list-item"><a href="https://ckb.wikipedia.org/wiki/%D8%A8%D8%A7%D8%AC%D8%A7%D9%85%DB%8E%D8%B1" title="باجامێر – Central Kurdish" lang="ckb" hreflang="ckb" data-title="باجامێر" data-language-autonym="کوردی" data-language-local-name="Central Kurdish" class="interlanguage-link-target">کوردی</a></li><li class="interlanguage-link interwiki-sr mw-list-item"><a href="https://sr.wikipedia.org/wiki/%D0%A0%D0%B0%D0%BD%D1%81%D0%BE%D0%BC%D0%B2%D0%B5%D1%80" title="Рансомвер – Serbian" lang="sr" hreflang="sr" data-title="Рансомвер" data-language-autonym="Српски / srpski" data-language-local-name="Serbian" class="interlanguage-link-target">Српски / srpski</a></li><li class="interlanguage-link interwiki-sh mw-list-item"><a href="https://sh.wikipedia.org/wiki/Ucjenjiva%C4%8Dki_softver" title="Ucjenjivački softver – Serbo-Croatian" lang="sh" hreflang="sh" data-title="Ucjenjivački softver" data-language-autonym="Srpskohrvatski / српскохрватски" data-language-local-name="Serbo-Croatian" class="interlanguage-link-target">Srpskohrvatski / српскохрватски</a></li><li class="interlanguage-link interwiki-fi mw-list-item"><a href="https://fi.wikipedia.org/wiki/Kiristyshaittaohjelma" title="Kiristyshaittaohjelma – Finnish" lang="fi" hreflang="fi" data-title="Kiristyshaittaohjelma" data-language-autonym="Suomi" data-language-local-name="Finnish" class="interlanguage-link-target">Suomi</a></li><li class="interlanguage-link interwiki-sv mw-list-item"><a href="https://sv.wikipedia.org/wiki/Ransomware" title="Ransomware – Swedish" lang="sv" hreflang="sv" data-title="Ransomware" data-language-autonym="Svenska" data-language-local-name="Swedish" class="interlanguage-link-target">Svenska</a></li><li class="interlanguage-link interwiki-ta mw-list-item"><a href="https://ta.wikipedia.org/wiki/%E0%AE%AA%E0%AE%A3%E0%AE%AF%E0%AE%A4%E0%AF%8D_%E0%AE%A4%E0%AF%80%E0%AE%A8%E0%AE%BF%E0%AE%B0%E0%AE%B2%E0%AF%8D" title="பணயத் தீநிரல் – Tamil" lang="ta" hreflang="ta" data-title="பணயத் தீநிரல்" data-language-autonym="தமிழ்" data-language-local-name="Tamil" class="interlanguage-link-target">தமிழ்</a></li><li class="interlanguage-link interwiki-th mw-list-item"><a href="https://th.wikipedia.org/wiki/%E0%B8%A1%E0%B8%B1%E0%B8%A5%E0%B9%81%E0%B8%A7%E0%B8%A3%E0%B9%8C%E0%B9%80%E0%B8%A3%E0%B8%B5%E0%B8%A2%E0%B8%81%E0%B8%84%E0%B9%88%E0%B8%B2%E0%B9%84%E0%B8%96%E0%B9%88" title="มัลแวร์เรียกค่าไถ่ – Thai" lang="th" hreflang="th" data-title="มัลแวร์เรียกค่าไถ่" data-language-autonym="ไทย" data-language-local-name="Thai" class="interlanguage-link-target">ไทย</a></li><li class="interlanguage-link interwiki-tr mw-list-item"><a href="https://tr.wikipedia.org/wiki/Fidye_vir%C3%BCs%C3%BC" title="Fidye virüsü – Turkish" lang="tr" hreflang="tr" data-title="Fidye virüsü" data-language-autonym="Türkçe" data-language-local-name="Turkish" class="interlanguage-link-target">Türkçe</a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/Ransomware" title="Ransomware – Ukrainian" lang="uk" hreflang="uk" data-title="Ransomware" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target">Українська</a></li><li class="interlanguage-link interwiki-vi mw-list-item"><a href="https://vi.wikipedia.org/wiki/M%C3%A3_%C4%91%E1%BB%99c_t%E1%BB%91ng_ti%E1%BB%81n" title="Mã độc tống tiền – Vietnamese" lang="vi" hreflang="vi" data-title="Mã độc tống tiền" data-language-autonym="Tiếng Việt" data-language-local-name="Vietnamese" class="interlanguage-link-target">Tiếng Việt</a></li><li class="interlanguage-link interwiki-zh-yue mw-list-item"><a href="https://zh-yue.wikipedia.org/wiki/%E5%8B%92%E7%B4%A2%E8%BB%9F%E4%BB%B6" title="勒索軟件 – Cantonese" lang="yue" hreflang="yue" data-title="勒索軟件" data-language-autonym="粵語" data-language-local-name="Cantonese" class="interlanguage-link-target">粵語</a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/%E5%8B%92%E7%B4%A2%E8%BB%9F%E9%AB%94" title="勒索軟體 – Chinese" lang="zh" hreflang="zh" data-title="勒索軟體" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target">中文</a></li> </ul> <div class="after-portlet after-portlet-lang"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q926331#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Ransomware" title="View the content page [c]" accesskey="c">Article</a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Ransomware" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t">Talk</a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" >English </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Ransomware">Read</a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Ransomware&action=edit" title="Edit this page [e]" accesskey="e">Edit</a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Ransomware&action=history" title="Past revisions of this page [h]" accesskey="h">View history</a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" >Tools </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Ransomware">Read</a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Ransomware&action=edit" title="Edit this page [e]" accesskey="e">Edit</a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Ransomware&action=history">View history</a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Ransomware" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j">What links here</a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Ransomware" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k">Related changes</a></li><li id="t-upload" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u">Upload file</a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q">Special pages</a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Ransomware&oldid=1275355444" title="Permanent link to this revision of this page">Permanent link</a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Ransomware&action=info" title="More information about this page">Page information</a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Ransomware&id=1275355444&wpFormIdentifier=titleform" title="Information on how to cite this page">Cite this page</a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FRansomware">Get shortened URL</a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FRansomware">Download QR code</a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Ransomware&action=show-download-screen" title="Download this page as a PDF file">Download as PDF</a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Ransomware&printable=yes" title="Printable version of this page [p]" accesskey="p">Printable version</a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="wb-otherproject-link wb-otherproject-commons mw-list-item"><a href="https://commons.wikimedia.org/wiki/Category:Ransomware" hreflang="en">Wikimedia Commons</a></li><li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q926331" title="Structured data on this page hosted by Wikidata [g]" accesskey="g">Wikidata item</a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> <div id="mw-indicator-good-star" class="mw-indicator"><div class="mw-parser-output"><a href="/wiki/Wikipedia:Good_articles*" title="This is a good article. Click here for more information."><img alt="This is a good article. Click here for more information." src="//upload.wikimedia.org/wikipedia/en/thumb/9/94/Symbol_support_vote.svg/19px-Symbol_support_vote.svg.png" decoding="async" width="19" height="20" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/9/94/Symbol_support_vote.svg/29px-Symbol_support_vote.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/9/94/Symbol_support_vote.svg/39px-Symbol_support_vote.svg.png 2x" data-file-width="180" data-file-height="185" /></a></div></div> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Malicious software used in ransom demands</div> Ransomware is a type of <a href="/wiki/Malware" title="Malware">malware</a> that <a href="/wiki/Encryption" title="Encryption">encrypts</a> the victim's <a href="/wiki/Personal_data" title="Personal data">personal data</a> until a <a href="/wiki/Ransom" title="Ransom">ransom</a> is paid.<a href="#cite_note-young-1">[1]</a><a href="#cite_note-schofield-2">[2]</a><a href="#cite_note-43zHf-3">[3]</a><a href="#cite_note-BBe0f-4">[4]</a><a href="#cite_note-5">[5]</a> They commonly use difficult-to-trace <a href="/wiki/Digital_currency" title="Digital currency">digital currencies</a> such as <a href="/wiki/Paysafecard" class="mw-redirect" title="Paysafecard">paysafecard</a> or <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> and other <a href="/wiki/Cryptocurrency" title="Cryptocurrency">cryptocurrencies</a> are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Sometimes the original files can be retrieved without paying the ransom due to implementation mistakes, leaked cryptographic keys or a complete lack of encryption in the ransomware. Ransomware attacks are typically carried out using a <a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan</a> disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the <a href="/wiki/WannaCry_worm" class="mw-redirect" title="WannaCry worm">WannaCry worm</a>, traveled automatically between computers without user interaction.<a href="#cite_note-Mh4zt-6">[6]</a> Starting as early as 1989 with the first documented ransomware known as the <a href="/wiki/AIDS_(Trojan_horse)" title="AIDS (Trojan horse)">AIDS trojan</a>, the use of ransomware scams grew internationally.<a href="#cite_note-tw-russia-7">[7]</a><a href="#cite_note-kkk-8">[8]</a><a href="#cite_note-IC3-9">[9]</a> There were 181.5 million ransomware attacks worldwide in the first six months of 2018, 229% more than the first six months of 2017.<a href="#cite_note-gdvoy-10">[10]</a> In June 2014, <a href="/wiki/Security_software" class="mw-redirect" title="Security software">security software</a> company <a href="/wiki/McAfee" title="McAfee">McAfee</a> released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter the previous year.<a href="#cite_note-infoworld-mcafeeransom-11">[11]</a> <a href="/wiki/CryptoLocker" title="CryptoLocker">CryptoLocker</a> was particularly successful, procuring an estimated US$3 million before it was taken down by authorities,<a href="#cite_note-cl-takedown-12">[12]</a> and CryptoWall was estimated by the US <a href="/wiki/Federal_Bureau_of_Investigation" title="Federal Bureau of Investigation">Federal Bureau of Investigation</a> (FBI) to have accrued over US$18 million by June 2015.<a href="#cite_note-ars-fbicryptowall-13">[13]</a> In 2020, the US <a href="/wiki/Internet_Crime_Complaint_Center" title="Internet Crime Complaint Center">Internet Crime Complaint Center</a> (IC3) received 2,474 complaints identified as ransomware, with adjusted losses of over $29.1 million. The losses could exceed this amount, according to the FBI.<a href="#cite_note-14">[14]</a> Globally, according to <a href="/wiki/Statistica" title="Statistica">Statistica</a>, there were about 623 million ransomware attacks in 2021, and 493 million in 2022.<a href="#cite_note-15">[15]</a> Ransomware payments were estimated at $1.1bn in 2019, $999m in 2020, a record $1.25bn in 2023, and s sharp drop to $813m in 2024, attributed to non-payment by victims and action by law enforcement. <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Operation">Operation</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=1" title="Edit section: Operation">edit</a>]</div> The concept of file-encrypting ransomware was invented and implemented by Young and <a href="/wiki/Moti_Yung" title="Moti Yung">Yung</a> at <a href="/wiki/Columbia_University" title="Columbia University">Columbia University</a> and was presented at the 1996 IEEE Security & Privacy conference. It is called cryptoviral extortion and it was inspired by the fictional facehugger in the movie <a href="/wiki/Alien_(film)" title="Alien (film)">Alien</a>.<a href="#cite_note-yycacm-16">[16]</a> Cryptoviral extortion is the following three-round protocol carried out between the attacker and the victim.<a href="#cite_note-young-1">[1]</a> <ol><li>[attacker→victim] The attacker generates a key pair and places the corresponding public key in the malware. The malware is released.</li> <li>[victim→attacker] To carry out the cryptoviral extortion attack, the malware generates a random <a href="/wiki/Symmetric-key_algorithm" title="Symmetric-key algorithm">symmetric key</a> and encrypts the victim's data with it. It uses the public key in the malware to encrypt the symmetric key. This is known as <a href="/wiki/Hybrid_encryption" class="mw-redirect" title="Hybrid encryption">hybrid encryption</a> and it results in a small asymmetric ciphertext as well as the symmetric ciphertext of the victim's data. It <a href="/wiki/Zeroisation" title="Zeroisation">zeroizes</a> the symmetric key and the original plaintext data to prevent recovery. It puts up a message to the user that includes the asymmetric ciphertext and how to pay the ransom. The victim sends the asymmetric ciphertext and e-money to the attacker.</li> <li>[attacker→victim] The attacker receives the payment, deciphers the asymmetric ciphertext with the attacker's private key, and sends the symmetric key to the victim. The victim deciphers the encrypted data with the needed symmetric key thereby completing the cryptovirology attack.</li></ol> The <a href="/wiki/Symmetric-key_algorithm" title="Symmetric-key algorithm">symmetric key</a> is randomly generated and will not assist other victims. At no point is the attacker's private key exposed to victims and the victim need only send a very small ciphertext (the encrypted symmetric-cipher key) to the attacker. Ransomware attacks are typically carried out using a <a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan</a>, entering a system through, for example, a malicious attachment, an embedded link in a <a href="/wiki/Phishing" title="Phishing">phishing</a> email, or a vulnerability in a network service. The program then runs a <a href="/wiki/Payload_(computing)" title="Payload (computing)">payload</a>, which locks the system in some fashion, or claims to lock the system but does not (e.g., a <a href="/wiki/Scareware" title="Scareware">scareware</a> program). Payloads may display a fake warning purportedly by an entity such as a <a href="/wiki/Law_enforcement_agency" title="Law enforcement agency">law enforcement agency</a>, falsely claiming that the system has been used for illegal activities, contains content such as <a href="/wiki/Pornography" title="Pornography">pornography</a> and <a href="/wiki/Piracy_(media)" class="mw-redirect" title="Piracy (media)">"pirated" media</a>.<a href="#cite_note-cw-ranactivate-17">[17]</a><a href="#cite_note-hsfi-ransom-18">[18]</a><a href="#cite_note-pcw-russia-19">[19]</a> Some payloads consist simply of an application designed to lock or restrict the system until payment is made, typically by setting the <a href="/wiki/Windows_Shell" class="mw-redirect" title="Windows Shell">Windows Shell</a> to itself,<a href="#cite_note-kaspersky-german-20">[20]</a> or even modifying the <a href="/wiki/Master_boot_record" title="Master boot record">master boot record</a> and/or <a href="/wiki/Partition_table" class="mw-redirect" title="Partition table">partition table</a> to prevent the operating system from booting until it is repaired.<a href="#cite_note-kaspersky-mbr-21">[21]</a> The most sophisticated payloads <a href="/wiki/Cryptography" title="Cryptography">encrypt</a> files, with many using <a href="/wiki/Strong_encryption" class="mw-redirect" title="Strong encryption">strong encryption</a> to <a href="/wiki/Hybrid_cryptosystem" title="Hybrid cryptosystem">encrypt</a> the victim's files in such a way that only the malware author has the needed decryption key.<a href="#cite_note-young-1">[1]</a><a href="#cite_note-young-2-22">[22]</a><a href="#cite_note-young-3-23">[23]</a> Payment is virtually always the goal, and the victim is <a href="/wiki/Coercion" title="Coercion">coerced</a> into paying for the ransomware to be removed either by supplying a program that can decrypt the files, or by sending an unlock code that undoes the payload's changes. While the attacker may simply take the money without returning the victim's files, it is in the attacker's best interest to perform the decryption as agreed, since victims will stop sending payments if it becomes known that they serve no purpose. A key element in making ransomware work for the attacker is a convenient payment system that is hard to trace. A range of such payment methods have been used, including <a href="/wiki/Wire_transfer" title="Wire transfer">wire transfers</a>, <a href="/wiki/Premium_SMS" class="mw-redirect" title="Premium SMS">premium-rate text messages</a>,<a href="#cite_note-zdnet-24">[24]</a> pre-paid <a href="/wiki/Voucher" title="Voucher">voucher</a> services such as <a href="/wiki/Paysafecard" class="mw-redirect" title="Paysafecard">paysafecard</a>,<a href="#cite_note-tw-russia-7">[7]</a><a href="#cite_note-cw-pirated-25">[25]</a><a href="#cite_note-arstechnica-26">[26]</a> and the <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> <a href="/wiki/Cryptocurrency" title="Cryptocurrency">cryptocurrency</a>.<a href="#cite_note-ars-cryptolocker-27">[27]</a><a href="#cite_note-computerworld-cryptodefense-28">[28]</a><a href="#cite_note-tm-cryptodefense-29">[29]</a> In May 2020, vendor Sophos reported that the global average cost to remediate a ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity and ransom paid) was $761,106. Ninety-five percent of organizations that paid the ransom had their data restored.<a href="#cite_note-3F0Ac-30">[30]</a> <div class="mw-heading mw-heading2"><h2 id="History">History</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=2" title="Edit section: History">edit</a>]</div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/History_of_computer_viruses" class="mw-redirect" title="History of computer viruses">History of computer viruses</a> and <a href="/wiki/History_of_malware" class="mw-redirect" title="History of malware">History of malware</a></div> <div class="mw-heading mw-heading3"><h3 id="Encrypting_ransomware">Encrypting ransomware</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=3" title="Edit section: Encrypting ransomware">edit</a>]</div> The first known malware extortion attack, the <a href="/wiki/AIDS_(Trojan_horse)" title="AIDS (Trojan horse)">"AIDS Trojan"</a> written by Joseph Popp in 1989, had a design failure so severe it was not necessary to pay the extortionist at all. Its payload hid the files on the hard drive and encrypted only their <a href="/wiki/Filename" title="Filename">names</a>, and displayed a message claiming that the user's license to use a certain piece of software had expired. The user was asked to pay <a href="/wiki/United_States_dollar" title="United States dollar">US$</a>189 to "PC Cyborg Corporation" in order to obtain a repair tool even though the decryption key could be extracted from the code of the Trojan. The Trojan was also known as "PC Cyborg". Popp was declared <a href="/wiki/Insanity_defense" title="Insanity defense">mentally unfit</a> to stand trial for his actions, but he promised to donate the profits from the malware to fund <a href="/wiki/HIV/AIDS" title="HIV/AIDS">AIDS</a> research.<a href="#cite_note-tr-extortion-31">[31]</a> The idea of abusing anonymous cash systems to safely collect ransom from human <a href="/wiki/Kidnapping" title="Kidnapping">kidnapping</a> was introduced in 1992 by Sebastiaan von Solms and <a href="/wiki/David_Naccache" title="David Naccache">David Naccache</a>.<a href="#cite_note-mFQOG-32">[32]</a> This electronic money collection method was also proposed for cryptoviral extortion attacks.<a href="#cite_note-young-1">[1]</a> In the von Solms-Naccache scenario a newspaper publication was used (since bitcoin ledgers did not exist at the time the paper was written). The notion of using public key cryptography for data kidnapping attacks was introduced in 1996 by Adam L. Young and <a href="/wiki/Moti_Yung" title="Moti Yung">Moti Yung</a>. Young and Yung critiqued the failed AIDS Information Trojan that relied on <a href="/wiki/Symmetric-key_algorithm" title="Symmetric-key algorithm">symmetric cryptography</a> alone, the fatal flaw being that the decryption key could be extracted from the Trojan, and implemented an experimental proof-of-concept cryptovirus on a <a href="/wiki/Macintosh_SE/30" title="Macintosh SE/30">Macintosh SE/30</a> that used <a href="/wiki/RSA_(algorithm)" class="mw-redirect" title="RSA (algorithm)">RSA</a> and the <a href="/wiki/Tiny_Encryption_Algorithm" title="Tiny Encryption Algorithm">Tiny Encryption Algorithm</a> (TEA) to <a href="/wiki/Hybrid_encryption" class="mw-redirect" title="Hybrid encryption">hybrid encrypt</a> the victim's data. Since <a href="/wiki/Public_key_cryptography" class="mw-redirect" title="Public key cryptography">public key cryptography</a> is used, the virus only contains the encryption key. The attacker keeps the corresponding private decryption key private. Young and Yung's original experimental cryptovirus had the victim send the asymmetric ciphertext to the attacker who deciphers it and returns the symmetric decryption key it contains to the victim for a fee. Long before <a href="/wiki/Electronic_money" class="mw-redirect" title="Electronic money">electronic money</a> existed Young and Yung proposed that electronic money could be extorted through encryption as well, stating that "the virus writer can effectively hold all of the money ransom until half of it is given to him. Even if the e-money was previously encrypted by the user, it is of no use to the user if it gets encrypted by a cryptovirus".<a href="#cite_note-young-1">[1]</a> They referred to these attacks as being "<a href="/wiki/Cryptovirology" title="Cryptovirology">cryptoviral</a> extortion", an overt attack that is part of a larger class of attacks in a field called <a href="/wiki/Cryptovirology" title="Cryptovirology">cryptovirology</a>, which encompasses both overt and covert attacks.<a href="#cite_note-young-1">[1]</a> The cryptoviral extortion protocol was inspired by the parasitic relationship between H. R. Giger's facehugger and its host in the movie <a href="/wiki/Alien_(film)" title="Alien (film)">Alien</a>.<a href="#cite_note-young-1">[1]</a><a href="#cite_note-yycacm-16">[16]</a> Examples of extortionate ransomware became prominent in May 2005.<a href="#cite_note-vTgTO-33">[33]</a> By mid-2006, Trojans such as <a href="/wiki/Gpcode" class="mw-redirect" title="Gpcode">Gpcode</a>, TROJ.RANSOM.A, <a href="/wiki/Archiveus" title="Archiveus">Archiveus</a>, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, with ever-increasing key-sizes. Gpcode.AG, which was detected in June 2006, was encrypted with a 660-bit RSA public key.<a href="#cite_note-Ts45J-34">[34]</a> In June 2008, a variant known as Gpcode.AK was detected. Using a 1024-bit RSA key, it was believed large enough to be computationally infeasible to break without a concerted <a href="/wiki/Distributed_computing" title="Distributed computing">distributed</a> effort.<a href="#cite_note-zdnet-2-35">[35]</a><a href="#cite_note-securityfocus-36">[36]</a><a href="#cite_note-washingtonpost-37">[37]</a><a href="#cite_note-kapersky-38">[38]</a> Encrypting ransomware returned to prominence in late 2013 with the propagation of <a href="/wiki/CryptoLocker" title="CryptoLocker">CryptoLocker</a>—using the <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> <a href="/wiki/Digital_currency" title="Digital currency">digital currency</a> platform to collect ransom money. In December 2013, <a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a> estimated based on Bitcoin transaction information that between 15 October and 18 December, the operators of CryptoLocker had procured about US$27 million from infected users.<a href="#cite_note-zdnet-bitcoinprice-39">[39]</a> The CryptoLocker technique was <a href="/wiki/Copycat_crime" title="Copycat crime">widely copied</a> in the months following, including CryptoLocker 2.0 (thought not to be related to CryptoLocker), CryptoDefense (which initially contained a major design flaw that stored the private key on the infected system in a <a href="/wiki/Application_Data" class="mw-redirect" title="Application Data">user-retrievable location</a>, due to its use of Windows' built-in encryption APIs),<a href="#cite_note-computerworld-cryptodefense-28">[28]</a><a href="#cite_note-pcworld-torrentlocker-40">[40]</a><a href="#cite_note-eset-cl2-41">[41]</a><a href="#cite_note-tm-newcl-42">[42]</a> and the August 2014 discovery of a Trojan specifically targeting <a href="/wiki/Network-attached_storage" title="Network-attached storage">network-attached storage</a> devices produced by <a href="/wiki/Synology" title="Synology">Synology</a>.<a href="#cite_note-extech-synologycrypto-43">[43]</a> In January 2015, it was reported that ransomware-styled attacks have occurred against individual websites via hacking, and through ransomware designed to target <a href="/wiki/Linux" title="Linux">Linux</a>-based <a href="/wiki/Web_server" title="Web server">web servers</a>.<a href="#cite_note-pcworld-linuxrw-44">[44]</a><a href="#cite_note-sw-ransomweb-45">[45]</a><a href="#cite_note-guardian-ransomweb-46">[46]</a> In 2022, Costa Rica received widespread <a href="/wiki/Conti_(ransomware)" title="Conti (ransomware)">Conti</a> ransomware attacks affecting government, healthcare and industry.<a href="#cite_note-47">[47]</a> This led President Rodrigo Chaves to declare a state of emergency and announce that Costa Rica is "at war" with its ransomware hackers.<a href="#cite_note-48">[48]</a> In some infections, there is a two-stage payload, common in many malware systems. The user is tricked into running a script, which downloads the main virus and executes it. In early versions of the dual-payload system, the script was contained in a Microsoft Office document with an attached VBScript macro, or in a windows scripting facility (WSF) file. As detection systems started blocking these first stage payloads, the Microsoft Malware Protection Center identified a trend away toward <a href="/wiki/LNK_file" class="mw-redirect" title="LNK file">LNK files</a> with self-contained Microsoft Windows <a href="/wiki/PowerShell" title="PowerShell">PowerShell</a> scripts.<a href="#cite_note-EMEuQ-49">[49]</a> In 2016, PowerShell was found to be involved in nearly 40% of endpoint security incidents.<a href="#cite_note-J5eBn-50">[50]</a> Some ransomware strains have used <a href="/wiki/Proxy_server" title="Proxy server">proxies</a> tied to <a href="/wiki/Tor_(anonymity_network)" class="mw-redirect" title="Tor (anonymity network)">Tor</a> <a href="/wiki/Hidden_service" class="mw-redirect" title="Hidden service">hidden services</a> to connect to their <a href="/wiki/Command_and_control_(malware)" class="mw-redirect" title="Command and control (malware)">command and control</a> servers, increasing the difficulty of tracing the exact location of the criminals.<a href="#cite_note-guardian-tor-51">[51]</a><a href="#cite_note-sophos-ctblocker-52">[52]</a> Furthermore, <a href="/wiki/Dark_web" title="Dark web">dark web</a> vendors have increasingly[<a href="/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Chronological_items" title="Wikipedia:Manual of Style/Dates and numbers">when?</a>] started to offer the technology <a href="/wiki/Software_as_a_service" title="Software as a service">as a service</a>, wherein ransomware is sold, ready for deployment on victims' machines, on a subscription basis, similarly to Adobe Creative Cloud or Office 365.<a href="#cite_note-sophos-ctblocker-52">[52]</a><a href="#cite_note-6muO1-53">[53]</a><a href="#cite_note-KguUY-54">[54]</a> Symantec has classified ransomware to be the most dangerous cyber threat.<a href="#cite_note-:0-55">[55]</a> <div class="mw-heading mw-heading3"><h3 id="Non-encrypting_ransomware">Non-encrypting ransomware</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=4" title="Edit section: Non-encrypting ransomware">edit</a>]</div> In August 2010, Russian authorities arrested nine individuals connected to a ransomware Trojan known as WinLock. Unlike the previous Gpcode Trojan, WinLock did not use encryption. Instead, WinLock trivially restricted access to the system by displaying pornographic images and asked users to send a <a href="/wiki/Short_Message_Service#Premium-rated_short_messages" class="mw-redirect" title="Short Message Service">premium-rate SMS</a> (costing around US$10) to receive a code that could be used to unlock their machines. The scam hit numerous users across Russia and neighbouring countries—reportedly earning the group over US$16 million.<a href="#cite_note-pcw-russia-19">[19]</a><a href="#cite_note-ibVGX-56">[56]</a> In 2011, a ransomware Trojan surfaced that imitated the <a href="/wiki/Windows_Product_Activation" class="mw-redirect" title="Windows Product Activation">Windows Product Activation</a> notice, and informed users that a system's Windows installation had to be re-activated due to "[being a] victim of fraud". An online activation option was offered (like the actual Windows activation process), but was unavailable, requiring the user to call one of six <a href="/wiki/International_call" title="International call">international numbers</a> to input a 6-digit code. While the malware claimed that this call would be free, it was routed through a rogue operator in a country with high international phone rates, who placed the call on hold, causing the user to incur large international <a href="/wiki/Long-distance_calling" title="Long-distance calling">long-distance</a> charges.<a href="#cite_note-cw-ranactivate-17">[17]</a> In 2012, Symantec reported spread out of Eastern Europe of ransomware with a lock screen purporting to be law enforcement demanding payment for illegal activity.<a href="#cite_note-Gorman&McDonald-57">[57]</a> In February 2013, a ransomware Trojan based on the Stamp.EK <a href="/wiki/Exploit_kit" title="Exploit kit">exploit kit</a> surfaced; the malware was distributed via sites hosted on the project hosting services <a href="/wiki/SourceForge" title="SourceForge">SourceForge</a> and <a href="/wiki/GitHub" title="GitHub">GitHub</a> that claimed to offer "fake nude pics" of celebrities.<a href="#cite_note-tnw-fakenudepics-58">[58]</a> In July 2013, an <a href="/wiki/OS_X" class="mw-redirect" title="OS X">OS X</a>-specific ransomware Trojan surfaced, which displays a web page that accuses the user of downloading pornography. Unlike its Windows-based counterparts, it does not block the entire computer, but simply <a href="/wiki/Clickjacking" title="Clickjacking">exploits the behaviour of the web browser itself</a> to frustrate attempts to close the page through normal means.<a href="#cite_note-tnw-osxransom-59">[59]</a> In July 2013, a 21-year-old man from Virginia, whose computer coincidentally did contain pornographic photographs of underage girls with whom he had conducted sexualized communications, turned himself in to police after receiving and being deceived by <a href="/wiki/FBI_MoneyPak_Ransomware" title="FBI MoneyPak Ransomware">FBI MoneyPak Ransomware</a> accusing him of possessing child pornography. An investigation discovered the incriminating files, and the man was charged with <a href="/wiki/Child_sexual_abuse" title="Child sexual abuse">child sexual abuse</a> and possession of child pornography.<a href="#cite_note-ars-cpvirginia-60">[60]</a> <div class="mw-heading mw-heading3"><h3 id="Exfiltration_(Leakware_/_Doxware)">Exfiltration (Leakware / Doxware)</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=5" title="Edit section: Exfiltration (Leakware / Doxware)">edit</a>]</div> The converse of ransomware is a <a href="/wiki/Cryptovirology" title="Cryptovirology">cryptovirology</a> attack invented by Adam L. Young that threatens to publish stolen information from the victim's computer system rather than deny the victim access to it.<a href="#cite_note-iaw2003-61">[61]</a> In a leakware attack, malware exfiltrates sensitive host data either to the attacker or alternatively, to remote instances of the malware, and the attacker threatens to publish the victim's data unless a ransom is paid. The attack was presented at <a href="/wiki/West_Point" class="mw-redirect" title="West Point">West Point</a> in 2003 and was summarized in the book Malicious Cryptography as follows, "The attack differs from the extortion attack in the following way. In the extortion attack, the victim is denied access to its own valuable information and has to pay to get it back, where in the attack that is presented here the victim retains access to the information but its disclosure is at the discretion of the computer virus".<a href="#cite_note-maliciouscrypto-62">[62]</a> The attack is rooted in game theory and was originally dubbed "non-zero sum games and survivable malware". The attack can yield monetary gain in cases where the malware acquires access to information that may damage the victim user or organization, e.g., the reputational damage that could result from publishing proof that the attack itself was a success. Common targets for exfiltration include: <ul><li>third party information stored by the primary victim (such as customer account information or health records);</li> <li>information proprietary to the victim (such as trade secrets and product information)</li> <li>embarrassing information (such as the victim's health information or information about the victim's personal past)</li></ul> Exfiltration attacks are usually targeted, with a curated victim list, and often preliminary surveillance of the victim's systems to find potential data targets and weaknesses.<a href="#cite_note-4z2LU-63">[63]</a><a href="#cite_note-BPyEx-64">[64]</a> <div class="mw-heading mw-heading3"><h3 id="Mobile_ransomware">Mobile ransomware</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=6" title="Edit section: Mobile ransomware">edit</a>]</div> With the increased popularity of ransomware on PC platforms, ransomware targeting <a href="/wiki/Mobile_operating_system" title="Mobile operating system">mobile operating systems</a> has also proliferated. Typically, mobile ransomware payloads are blockers, as there is little incentive to encrypt data since it can be easily restored via online synchronization.<a href="#cite_note-kapersky-androidrw-65">[65]</a> Mobile ransomware typically targets the <a href="/wiki/Android_(operating_system)" title="Android (operating system)">Android</a> platform, as it allows applications to be installed from third-party sources.<a href="#cite_note-kapersky-androidrw-65">[65]</a><a href="#cite_note-ars-androidransomware-66">[66]</a> The payload is typically distributed as an <a href="/wiki/APK_file" class="mw-redirect" title="APK file">APK file</a> installed by an unsuspecting user; it may attempt to display a blocking message over top of all other applications,<a href="#cite_note-ars-androidransomware-66">[66]</a> while another used a form of <a href="/wiki/Clickjacking" title="Clickjacking">clickjacking</a> to cause the user to give it "device administrator" privileges to achieve deeper access to the system.<a href="#cite_note-pcw-ransomwaredeviceadmin-67">[67]</a> Different tactics have been used on <a href="/wiki/IOS" title="IOS">iOS</a> devices, such as exploiting <a href="/wiki/ICloud" title="ICloud">iCloud</a> accounts and using the <a href="/wiki/Find_My_iPhone" class="mw-redirect" title="Find My iPhone">Find My iPhone</a> system to lock access to the device.<a href="#cite_note-fortune-findmyiphonerw-68">[68]</a> On <a href="/wiki/IOS_10.3" class="mw-redirect" title="IOS 10.3">iOS 10.3</a>, Apple patched a bug in the handling of JavaScript pop-up windows in <a href="/wiki/Safari_(web_browser)" title="Safari (web browser)">Safari</a> that had been exploited by ransomware websites.<a href="#cite_note-ars-iosransom-69">[69]</a> It recently[<a href="/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Chronological_items" title="Wikipedia:Manual of Style/Dates and numbers">when?</a>] has been shown that ransomware may also target ARM architectures like those that can be found in various Internet-of-Things (IoT) devices, such as Industrial IoT edge devices.<a href="#cite_note-RoX2F-70">[70]</a> In August 2019 researchers demonstrated it is possible to infect <a href="/wiki/DSLR_camera" class="mw-redirect" title="DSLR camera">DSLR cameras</a> with ransomware.<a href="#cite_note-hOd8r-71">[71]</a> Digital cameras often use <a href="/wiki/Picture_Transfer_Protocol" title="Picture Transfer Protocol">Picture Transfer Protocol</a> (PTP - standard protocol used to transfer files.) Researchers found that it was possible to exploit vulnerabilities in the protocol to infect target camera(s) with ransomware (or execute any arbitrary code). This attack was presented at the <a href="/wiki/DEF_CON" title="DEF CON">Defcon</a> security conference in Las Vegas as a proof of concept attack (not as actual armed malware). <div class="mw-heading mw-heading3"><h3 id="Progression_of_attacks">Progression of attacks</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=7" title="Edit section: Progression of attacks">edit</a>]</div> The first attacks were on random users, typically infected through email attachments sent by small groups of criminals, demanding a few hundred dollars in cryptocurrency to unlock files (typically a private individual's photographs and documents) that the ransomware had encrypted. As ransomware matured as a business, organised gangs entered the field, advertising on the <a href="/wiki/Dark_Web" class="mw-redirect" title="Dark Web">dark Web</a> for experts, and <a href="/wiki/Outsourcing" title="Outsourcing">outsourcing</a> functions. This led to improvement in the quality of ransomware and its success. Rather than random emails, the gangs stole credentials, found vulnerabilities in target networks, and improved the malware to avoid detection by anti-malware scanners. Ransoms demanded escalated into the much larger sums (millions) that an enterprise would pay to recover its data, rather than what an individual would pay for their documents (hundreds). In 2016, a significant uptick in ransomware attacks on hospitals was noted. According to the 2017 Internet Security Threat Report from Symantec Corp, ransomware affected not only IT systems but also patient care, clinical operations, and billing. Online criminals may be motivated by the money available and sense of urgency within the healthcare system.<a href="#cite_note-X77eS-72">[72]</a> Ransomware is growing rapidly across the internet users but also for the IoT environment.<a href="#cite_note-Gorman&McDonald-57">[57]</a> The big problem is that millions of dollars are lost by some organizations and industries that have decided to pay, such as the Hollywood Presbyterian Medical Center and the MedStar Health.<a href="#cite_note-TpWLZ-73">[73]</a> According to Symantec 2019 ISTR report, for the first time since 2013, in 2018 there was an observed decrease in ransomware activity with a drop of 20 percent. Before 2017, consumers were the preferred victims, but in 2017 this changed dramatically, it moved to the enterprises. In 2018 this path accelerated with 81 percent infections which represented a 12 percent increase.<a href="#cite_note-jARvz-74">[74]</a> The common distribution method today is based on email campaigns. In late 2019 ransomware group Maze downloaded companies' sensitive files before locking them, and threatened to leak the data publicly if the ransom was not paid; in at least one case they did this. Many other gangs followed; "leak sites" were created on the dark web where stolen data could be accessed. Later attacks focussed on the threat to leak data, without necessarily locking it—this negated the protection afforded victims by robust backup procedures. As of 2023<a class="external text" href="https://en.wikipedia.org/w/index.php?title=Ransomware&action=edit">[update]</a> there is a risk of hostile governments using ransomware to conceal what is actually intelligence gathering.<a href="#cite_note-dudley-75">[75]</a> The first reported death following a ransomware attack was at a German hospital in October 2020.<a href="#cite_note-T4Y1I-76">[76]</a> There was a significant increase in ransomware attacks during the 2020 <a href="/wiki/COVID-19_pandemic" title="COVID-19 pandemic">COVID-19 pandemic</a>. Evidence found that the targeted institutions of these attacks included government, finance, and healthcare. Researchers have contended that several different factors can explain the increase in attacks during this time. However, a major factor is that <a href="/wiki/Remote_work" title="Remote work">remote work</a>, which became the norm for many industries in 2020, led to the surge in attacks because of the lack of security in comparison to traditional work environments.<a href="#cite_note-77">[77]</a> Ransomware attacks are estimated to have led to payments totalling $1.1bn in 2019, $999m in 2020, and a record $1.25bn in 2023. This decreased to $813m in 2024, with a sharp drop in the second half of the year, according to research firm <a href="/wiki/Chainalysis" title="Chainalysis">Chainalysis</a>, attributed to victims refusing to pay, and action by law enforcement. However, Chainalysis said that the downward trend in payments was fragile, and ransomware attacks remained prolific.<a href="#cite_note-milmo-78">[78]</a> A coordinated international operation in February 2024 took down gang <a href="/wiki/LockBit" title="LockBit">LockBit</a>, and gang <a href="/wiki/BlackCat_(cyber_gang)" title="BlackCat (cyber gang)">BlackCat/ALPHV</a> disappeared.<a href="#cite_note-milmo-78">[78]</a> As of early 2015, the United Kingdom was considering banning schools, the NHS and local councils from making ransomware payments, requiring private companies to report proposed payouts, and requiring mandatory reporting of ransomware attacks.<a href="#cite_note-milmo-78">[78]</a> <div class="mw-heading mw-heading2"><h2 id="Notable_attack_targets">Notable attack targets</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=8" title="Edit section: Notable attack targets">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Further information: <a href="/wiki/List_of_cyberattacks#Ransomware_attacks" title="List of cyberattacks">List of cyberattacks § Ransomware attacks</a></div> <div class="mw-heading mw-heading2"><h2 id="Notable_software_packages">Notable software packages</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=9" title="Edit section: Notable software packages">edit</a>]</div> <div class="mw-heading mw-heading3"><h3 id="Reveton">Reveton</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=10" title="Edit section: Reveton">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/FBI_MoneyPak_Ransomware" title="FBI MoneyPak Ransomware">FBI MoneyPak Ransomware</a></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Metropolitan_Police_ransomware_scam.jpg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/en/thumb/c/ca/Metropolitan_Police_ransomware_scam.jpg/220px-Metropolitan_Police_ransomware_scam.jpg" decoding="async" width="220" height="141" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/c/ca/Metropolitan_Police_ransomware_scam.jpg/330px-Metropolitan_Police_ransomware_scam.jpg 1.5x, //upload.wikimedia.org/wikipedia/en/c/ca/Metropolitan_Police_ransomware_scam.jpg 2x" data-file-width="394" data-file-height="252" /></a><figcaption>A Reveton payload, fraudulently claiming that the user must pay a fine to the <a href="/wiki/Metropolitan_Police_Service" class="mw-redirect" title="Metropolitan Police Service">Metropolitan Police Service</a></figcaption></figure> In 2012, a major ransomware Trojan known as Reveton began to spread. Based on the Citadel <a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan</a> (which, itself, is based on the <a href="/wiki/Zeus_(Trojan_horse)" class="mw-redirect" title="Zeus (Trojan horse)">Zeus</a> Trojan), its payload displays a warning purportedly from a law enforcement agency claiming that the computer has been used for illegal activities, such as downloading <a href="/wiki/Copyright_infringement#"Piracy"" title="Copyright infringement">unlicensed software</a> or <a href="/wiki/Child_pornography" title="Child pornography">child pornography</a>. Due to this behaviour, it is commonly referred to as the "Police Trojan".<a href="#cite_note-thejournal-policetrojam-79">[79]</a><a href="#cite_note-KZgG4-80">[80]</a><a href="#cite_note-reg-reve-81">[81]</a> The warning informs the user that to unlock their system, they would have to pay a fine using a voucher from an anonymous prepaid cash service such as <a href="/wiki/Ukash" title="Ukash">Ukash</a> or <a href="/wiki/Paysafecard" class="mw-redirect" title="Paysafecard">paysafecard</a>. To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's <a href="/wiki/IP_address" title="IP address">IP address</a>, while some versions display footage from a victim's <a href="/wiki/Webcam" title="Webcam">webcam</a> to give the illusion that the user is being recorded.<a href="#cite_note-tw-russia-7">[7]</a><a href="#cite_note-iw-fbi-82">[82]</a> Reveton initially began spreading in various European countries in early 2012.<a href="#cite_note-tw-russia-7">[7]</a> Variants were localized with templates branded with the logos of different law enforcement organizations based on the user's country; for example, variants used in the United Kingdom contained the branding of organizations such as the <a href="/wiki/Metropolitan_Police_Service" class="mw-redirect" title="Metropolitan Police Service">Metropolitan Police Service</a> and the <a href="/wiki/Police_National_E-Crime_Unit" class="mw-redirect" title="Police National E-Crime Unit">Police National E-Crime Unit</a>. Another version contained the logo of the <a href="/wiki/Copyright_collective" title="Copyright collective">royalty collection society</a> <a href="/wiki/PRS_for_Music" title="PRS for Music">PRS for Music</a>, which specifically accused the user of illegally downloading music.<a href="#cite_note-tw-pecu-83">[83]</a> In a statement warning the public about the malware, the Metropolitan Police clarified that they would never lock a computer in such a way as part of an investigation.<a href="#cite_note-tw-russia-7">[7]</a><a href="#cite_note-hsfi-ransom-18">[18]</a> In May 2012, <a href="/wiki/Trend_Micro" title="Trend Micro">Trend Micro</a> threat researchers discovered templates for variations for the <a href="/wiki/United_States" title="United States">United States</a> and <a href="/wiki/Canada" title="Canada">Canada</a>, suggesting that its authors may have been planning to target users in North America.<a href="#cite_note-pcw-canusa-84">[84]</a> By August 2012, a new variant of Reveton began to spread in the United States, claiming to require the payment of a <a href="/wiki/United_states_dollar" class="mw-redirect" title="United states dollar">$</a>200 fine to the FBI using a <a href="/wiki/MoneyPak" class="mw-redirect" title="MoneyPak">MoneyPak</a> card.<a href="#cite_note-kkk-8">[8]</a><a href="#cite_note-IC3-9">[9]</a><a href="#cite_note-iw-fbi-82">[82]</a> In February 2013, a Russian citizen was arrested in <a href="/wiki/Dubai" title="Dubai">Dubai</a> by Spanish authorities for his connection to a crime ring that had been using Reveton; ten other individuals were arrested on <a href="/wiki/Money_laundering" title="Money laundering">money laundering</a> charges.<a href="#cite_note-tw-revetonarrest-85">[85]</a> In August 2014, <a href="/wiki/Avast_Software" class="mw-redirect" title="Avast Software">Avast Software</a> reported that it had found new variants of Reveton that also distribute password-stealing malware as part of its payload.<a href="#cite_note-pcw-revetonupgrade-86">[86]</a> <div class="mw-heading mw-heading3"><h3 id="CryptoLocker">CryptoLocker</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=11" title="Edit section: CryptoLocker">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/CryptoLocker" title="CryptoLocker">CryptoLocker</a></div> Encrypting ransomware reappeared in September 2013 with a Trojan known as <a href="/wiki/CryptoLocker" title="CryptoLocker">CryptoLocker</a>, which generated a 2048-bit RSA key pair and uploaded in turn to a command-and-control server, and used to encrypt files using a <a href="/wiki/Whitelist" title="Whitelist">whitelist</a> of specific <a href="/wiki/File_extension" class="mw-redirect" title="File extension">file extensions</a>. The malware threatened to delete the private key if a payment of <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> or a pre-paid cash voucher was not made within 3 days of the infection. Due to the extremely large key size it uses, analysts and those affected by the Trojan considered CryptoLocker extremely difficult to repair.<a href="#cite_note-ars-cryptolocker-27">[27]</a><a href="#cite_note-geek-cryptolocker-87">[87]</a><a href="#cite_note-guardian-cryptolocker-88">[88]</a><a href="#cite_note-sophos-cryptolocker-89">[89]</a> Even after the deadline passed, the private key could still be obtained using an online tool, but the price would increase to 10 BTC—which cost approximately US$2300 as of November 2013.<a href="#cite_note-nw-cryptolockersecondchance-90">[90]</a><a href="#cite_note-pcw-moremoney-91">[91]</a> CryptoLocker was isolated by the seizure of the <a href="/wiki/Gameover_ZeuS" title="Gameover ZeuS">Gameover ZeuS</a> <a href="/wiki/Botnet" title="Botnet">botnet</a> as part of <a href="/wiki/Operation_Tovar" title="Operation Tovar">Operation Tovar</a>, as officially announced by the <a href="/wiki/U.S._Department_of_Justice" class="mw-redirect" title="U.S. Department of Justice">U.S. Department of Justice</a> on 2 June 2014. The Department of Justice also publicly issued an <a href="/wiki/Indictment" title="Indictment">indictment</a> against the Russian hacker Evgeniy Bogachev for his alleged involvement in the botnet.<a href="#cite_note-cw-whambam-92">[92]</a><a href="#cite_note-doj-takedown-93">[93]</a> It was estimated that at least US$3 million was extorted with the malware before the shutdown.<a href="#cite_note-cl-takedown-12">[12]</a> <div class="mw-heading mw-heading3"><h3 id="CryptoLocker.F_and_TorrentLocker">CryptoLocker.F and TorrentLocker</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=12" title="Edit section: CryptoLocker.F and TorrentLocker">edit</a>]</div> In September 2014, a wave of ransomware Trojans surfaced that first targeted users in <a href="/wiki/Australia" title="Australia">Australia</a>, under the names CryptoWall and CryptoLocker (which is, as with CryptoLocker 2.0, unrelated to the original CryptoLocker). The Trojans spread via fraudulent e-mails claiming to be failed parcel delivery notices from <a href="/wiki/Australia_Post" title="Australia Post">Australia Post</a>; to evade detection by automatic e-mail scanners that follow all links on a page to scan for malware, this variant was designed to require users to visit a web page and enter a <a href="/wiki/CAPTCHA" title="CAPTCHA">CAPTCHA</a> code before the payload is actually downloaded, preventing such automated processes from being able to scan the payload. <a href="/wiki/NortonLifeLock" class="mw-redirect" title="NortonLifeLock">Symantec</a> determined that these new variants, which it identified as CryptoLocker.F, were again, unrelated to the original CryptoLocker due to differences in their operation.<a href="#cite_note-symantec-aus-94">[94]</a><a href="#cite_note-smh-lockup-95">[95]</a> A notable victim of the Trojans was the <a href="/wiki/Australian_Broadcasting_Corporation" title="Australian Broadcasting Corporation">Australian Broadcasting Corporation</a>; live programming on its television <a href="/wiki/News_channel" class="mw-redirect" title="News channel">news channel</a> <a href="/wiki/ABC_News_24" class="mw-redirect" title="ABC News 24">ABC News 24</a> was disrupted for half an hour and shifted to <a href="/wiki/Melbourne" title="Melbourne">Melbourne</a> studios due to a CryptoWall infection on computers at its <a href="/wiki/Sydney" title="Sydney">Sydney</a> studio.<a href="#cite_note-arn-cryptolockerf-96">[96]</a><a href="#cite_note-smh-cryptowall-97">[97]</a><a href="#cite_note-cso-abcnews24-98">[98]</a> Another Trojan in this wave, <a href="/wiki/TorrentLocker" title="TorrentLocker">TorrentLocker</a>, initially contained a design flaw comparable to CryptoDefense; it used the same <a href="/wiki/Keystream" title="Keystream">keystream</a> for every infected computer, making the encryption trivial to overcome. However, this flaw was later fixed.<a href="#cite_note-pcworld-torrentlocker-40">[40]</a> By late-November 2014, it was estimated that over 9,000 users had been infected by TorrentLocker in Australia alone, trailing only Turkey with 11,700 infections.<a href="#cite_note-cso-torrentlocker-99">[99]</a> <div class="mw-heading mw-heading3"><h3 id="CryptoWall">CryptoWall</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=13" title="Edit section: CryptoWall">edit</a>]</div> Another major ransomware Trojan targeting Windows, CryptoWall, first appeared in 2014. One strain of CryptoWall was distributed as part of a <a href="/wiki/Malvertising" title="Malvertising">malvertising</a> campaign on the <a href="/wiki/Zedo" title="Zedo">Zedo</a> ad network in late-September 2014 that targeted several major websites; the ads redirected to rogue websites that used browser plugin exploits to download the payload. A <a href="/wiki/Barracuda_Networks" title="Barracuda Networks">Barracuda Networks</a> researcher also noted that the payload was signed with a <a href="/wiki/Digital_signature" title="Digital signature">digital signature</a> in an effort to appear trustworthy to security software.<a href="#cite_note-pcw-signedcryptowall-100">[100]</a> CryptoWall 3.0 used a payload written in <a href="/wiki/JavaScript" title="JavaScript">JavaScript</a> as part of an email attachment, which downloads executables disguised as <a href="/wiki/JPG" class="mw-redirect" title="JPG">JPG</a> images. To further evade detection, the malware creates new instances of <a href="/wiki/Explorer.exe" class="mw-redirect" title="Explorer.exe">explorer.exe</a> and <a href="/wiki/Svchost.exe" title="Svchost.exe">svchost.exe</a> to communicate with its servers. When encrypting files, the malware also deletes volume shadow copies and installs spyware that steals passwords and <a href="/wiki/Bitcoin_wallet" class="mw-redirect" title="Bitcoin wallet">Bitcoin wallets</a>.<a href="#cite_note-tm-cw3-101">[101]</a> The FBI reported in June 2015 that nearly 1,000 victims had contacted the bureau's <a href="/wiki/Internet_Crime_Complaint_Center" title="Internet Crime Complaint Center">Internet Crime Complaint Center</a> to report CryptoWall infections, and estimated losses of at least $18 million.<a href="#cite_note-ars-fbicryptowall-13">[13]</a> The most recent[<a href="/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Chronological_items" title="Wikipedia:Manual of Style/Dates and numbers">when?</a>] version, CryptoWall 4.0, enhanced its code to avoid antivirus detection, and encrypts not only the data in files but also the file names.<a href="#cite_note-heimdal-102">[102]</a> <div class="mw-heading mw-heading3"><h3 id="Fusob">Fusob</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=14" title="Edit section: Fusob">edit</a>]</div> Fusob is a major family of mobile ransomware. Between April 2015 and March 2016, about 56 percent of accounted mobile ransomware was Fusob.<a href="#cite_note-arAhb-103">[103]</a> Like most other pieces of ransomware, it employs scare tactics to extort a hefty sum from the user.<a href="#cite_note-GQudC-104">[104]</a> The app <a href="/wiki/Police_impersonation" title="Police impersonation">acts as if it were a notice from the authorities</a>, demanding the victim to pay a fine from $100 to $200 <a href="/wiki/United_States_Dollar" class="mw-redirect" title="United States Dollar">USD</a> or otherwise face a fictitious criminal charge. Fusob requests iTunes gift cards for payment, unlike most cryptocurrency-centric ransomware. In order to infect devices, Fusob <a href="/wiki/Trojan_(computing)" class="mw-redirect" title="Trojan (computing)">masquerades</a> as a pornographic video player.<a href="#cite_note-875Bv-105">[105]</a> When it is installed, it first checks the device's system language. If the language is Russian or Eastern-European, Fusob remains dormant. Otherwise, it locks the device and demands ransom. About 40% of victims are in Germany, while the United Kingdom encompasses 14.5% of victims and the US encompasses 11.4%. Fusob and Small (another family of ransomware) represented over 93% of mobile ransomware between 2015 and 2016. <div class="mw-heading mw-heading3"><h3 id="WannaCry">WannaCry</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=15" title="Edit section: WannaCry">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry ransomware attack</a></div> In May 2017, the <a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry ransomware attack</a> spread through the Internet, using an exploit vector named <a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a>, which was allegedly leaked from the U.S. <a href="/wiki/National_Security_Agency" title="National Security Agency">National Security Agency</a>. The ransomware attack, unprecedented in scale,<a href="#cite_note-:3-106">[106]</a> infected more than 230,000 computers in over 150 countries,<a href="#cite_note-cnbc1-107">[107]</a> using 20 different languages to demand money from users using <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> cryptocurrency. WannaCry demanded US$300 per computer.<a href="#cite_note-XdMPF-108">[108]</a> The attack affected <a href="/wiki/Telef%C3%B3nica" title="Telefónica">Telefónica</a> and several other large companies in Spain, as well as parts of the British <a href="/wiki/National_Health_Service" title="National Health Service">National Health Service</a> (NHS), where at least 16 hospitals had to turn away patients or cancel scheduled operations,<a href="#cite_note-SR6W5-109">[109]</a> <a href="/wiki/FedEx" title="FedEx">FedEx</a>, <a href="/wiki/Deutsche_Bahn" title="Deutsche Bahn">Deutsche Bahn</a>, <a href="/wiki/Honda" title="Honda">Honda</a>,<a href="#cite_note-QH5LF-110">[110]</a> <a href="/wiki/Renault" title="Renault">Renault</a>, as well as the <a href="/wiki/Ministry_of_Internal_Affairs_(Russia)" title="Ministry of Internal Affairs (Russia)">Russian Interior Ministry</a> and Russian telecom <a href="/wiki/MegaFon" title="MegaFon">MegaFon</a>.<a href="#cite_note-pUvxl-111">[111]</a> The attackers gave their victims a 7-day deadline from the day their computers got infected, after which the encrypted files would be deleted.<a href="#cite_note-vgdfz-112">[112]</a> <div class="mw-heading mw-heading3"><h3 id="Petya">Petya</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=16" title="Edit section: Petya">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Petya_(malware)" class="mw-redirect" title="Petya (malware)">Petya (malware)</a></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/2017_cyberattacks_on_Ukraine" class="mw-redirect" title="2017 cyberattacks on Ukraine">2017 cyberattacks on Ukraine</a></div> Petya was first discovered in March 2016; unlike other forms of encrypting ransomware, the malware aimed to infect the <a href="/wiki/Master_boot_record" title="Master boot record">master boot record</a>, installing a payload which encrypts the file tables of the <a href="/wiki/NTFS" title="NTFS">NTFS</a> file system the next time that the infected system boots, blocking the system from booting into Windows at all until the ransom is paid. <a href="/wiki/Check_Point" title="Check Point">Check Point</a> reported that despite what it believed to be an innovative evolution in ransomware design, it had resulted in relatively-fewer infections than other ransomware active around the same time frame.<a href="#cite_note-nw-petyadouble-113">[113]</a> On 27 June 2017, a heavily modified version of Petya was used for a global cyberattack primarily targeting <a href="/wiki/Ukraine" title="Ukraine">Ukraine</a> (but affecting many countries<a href="#cite_note-pj7dV-114">[114]</a>). This version had been modified to propagate using the same EternalBlue exploit that was used by WannaCry. Due to another design change, it is also unable to actually unlock a system after the ransom is paid; this led to security analysts speculating that the attack was not meant to generate illicit profit, but to simply cause disruption.<a href="#cite_note-ars-wiper-115">[115]</a><a href="#cite_note-BBCPMdc-116">[116]</a> <div class="mw-heading mw-heading3"><h3 id="Bad_Rabbit">Bad Rabbit</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=17" title="Edit section: Bad Rabbit">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">"Bad Rabbit" redirects here. For the band, see <a href="/wiki/Bad_Rabbits" title="Bad Rabbits">Bad Rabbits</a>. For the computer worm, see <a href="/wiki/Badbunny" title="Badbunny">Badbunny</a>.</div> On 24 October 2017, some users in <a href="/wiki/Russia" title="Russia">Russia</a> and Ukraine reported a new ransomware attack, named "Bad Rabbit", which follows a similar pattern to WannaCry and Petya by encrypting the user's file tables and then demands a Bitcoin payment to decrypt them. <a href="/wiki/ESET" title="ESET">ESET</a> believed the ransomware to have been distributed by a bogus update to <a href="/wiki/Adobe_Flash" title="Adobe Flash">Adobe Flash</a> software.<a href="#cite_note-s0U5I-117">[117]</a> Among agencies that were affected by the ransomware were: <a href="/wiki/Interfax" title="Interfax">Interfax</a>, <a href="/wiki/Odesa_International_Airport" title="Odesa International Airport">Odesa International Airport</a>, <a href="/wiki/Kyiv_Metro" title="Kyiv Metro">Kyiv Metro</a>, and the Ministry of Infrastructure of Ukraine.<a href="#cite_note-x5Sa9-118">[118]</a> As it used corporate network structures to spread, the ransomware was also discovered in other countries, including Turkey, Germany, Poland, Japan, South Korea, and the United States.<a href="#cite_note-cnn_badrabbit-119">[119]</a> Experts believed the ransomware attack was tied to the Petya attack in Ukraine (especially because Bad Rabbit's code has many overlapping and analogical elements to the code of Petya/NotPetya,<a href="#cite_note-ExXCs-120">[120]</a> appending to CrowdStrike Bad Rabbit and NotPetya's dynamic link library (DLL) share 67 percent of the same code<a href="#cite_note-8uHtf-121">[121]</a>) though the only identity to the culprits are the names of characters from the <a href="/wiki/Game_of_Thrones" title="Game of Thrones">Game of Thrones</a> series embedded within the code.<a href="#cite_note-cnn_badrabbit-119">[119]</a> Security experts found that the ransomware did not use the EternalBlue exploit to spread, and a simple method to inoculate an unaffected machine running older Windows versions was found by 24 October 2017.<a href="#cite_note-9xGE6-122">[122]</a><a href="#cite_note-5B1fR-123">[123]</a> Further, the sites that had been used to spread the bogus Flash updating have gone offline or removed the problematic files within a few days of its discovery, effectively killing off the spread of Bad Rabbit.<a href="#cite_note-cnn_badrabbit-119">[119]</a> <div class="mw-heading mw-heading3"><h3 id="SamSam">SamSam</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=18" title="Edit section: SamSam">edit</a>]</div> In 2016, a new strain of ransomware emerged that was targeting <a href="/wiki/WildFly" title="WildFly">JBoss</a> servers.<a href="#cite_note-B7U50-124">[124]</a> This strain, named "<a href="/w/index.php?title=SamSam_(malware)&action=edit&redlink=1" class="new" title="SamSam (malware) (page does not exist)">SamSam</a>", was found to bypass the process of phishing or illicit downloads in favor of exploiting vulnerabilities on weak servers.<a href="#cite_note-Barkley-125">[125]</a> The malware uses a <a href="/wiki/Remote_Desktop_Protocol" title="Remote Desktop Protocol">Remote Desktop Protocol</a> <a href="/wiki/Brute-force_attack" title="Brute-force attack">brute-force attack</a> to guess weak passwords until one is broken. The virus has been behind attacks on government and healthcare targets, with notable hacks occurring against the town of <a href="/wiki/Farmington,_New_Mexico" title="Farmington, New Mexico">Farmington, New Mexico</a>, the <a href="/wiki/Colorado_Department_of_Transportation" title="Colorado Department of Transportation">Colorado Department of Transportation</a>, <a href="/wiki/Davidson_County,_North_Carolina" title="Davidson County, North Carolina">Davidson County, North Carolina</a>, and most recently,[<a href="/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Chronological_items" title="Wikipedia:Manual of Style/Dates and numbers">when?</a>] a <a href="/wiki/Atlanta_government_ransomware_attack" title="Atlanta government ransomware attack">ransomware attack</a> on the infrastructure of <a href="/wiki/Atlanta" title="Atlanta">Atlanta</a>.<a href="#cite_note-Barkley-125">[125]</a> Mohammad Mehdi Shah Mansouri (born in <a href="/wiki/Qom" title="Qom">Qom</a>, <a href="/wiki/Iran" title="Iran">Iran</a> in 1991) and Faramarz Shahi Savandi (born in <a href="/wiki/Shiraz" title="Shiraz">Shiraz</a>, <a href="/wiki/Iran" title="Iran">Iran</a>, in 1984) are wanted by the <a href="/wiki/FBI" class="mw-redirect" title="FBI">FBI</a> for allegedly launching SamSam ransomware.<a href="#cite_note-pPjwC-126">[126]</a> The two have allegedly made $6 million from extortion and caused over $30 million in damages using the malware.<a href="#cite_note-SamSam_DOJ_release-127">[127]</a> <div class="mw-heading mw-heading3"><h3 id="DarkSide">DarkSide</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=19" title="Edit section: DarkSide">edit</a>]</div> On May 7, 2021, a cyberattack was executed on the US Colonial Pipeline. The <a href="/wiki/Federal_Bureau_of_Investigation" title="Federal Bureau of Investigation">Federal Bureau of Investigation</a> identified <a href="/wiki/DarkSide_(hacking_group)" class="mw-redirect" title="DarkSide (hacking group)">DarkSide</a> as the perpetrator of the <a href="/wiki/Colonial_Pipeline_cyberattack" class="mw-redirect" title="Colonial Pipeline cyberattack">Colonial Pipeline ransomware attack</a>, perpetrated by <a href="/wiki/Malicious_code" class="mw-redirect" title="Malicious code">malicious code</a>, that led to a voluntary shutdown of the main pipeline supplying 45% of fuel to the <a href="/wiki/East_Coast_of_the_United_States" title="East Coast of the United States">East Coast of the United States</a>. The attack was described as the worst cyberattack to date on the U.S. <a href="/wiki/Critical_infrastructure" title="Critical infrastructure">critical infrastructure</a>. DarkSide successfully extorted about 75 <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> (almost US$5 million) from Colonial Pipeline. U.S. officials are investigating whether the attack was purely criminal or took place with the involvement of the Russian government or another state sponsor. Following the attack, DarkSide posted a statement claiming that "We are apolitical, we do not participate in <a href="/wiki/Geopolitics" title="Geopolitics">geopolitics</a>...Our goal is to make money and not creating problems for society." In May 2021, the FBI and <a href="/wiki/Cybersecurity_and_Infrastructure_Security_Agency" title="Cybersecurity and Infrastructure Security Agency">Cybersecurity and Infrastructure Security Agency</a> (CISA) issued a joint alert urging the owners and operators of critical infrastructure to take certain steps to reduce their vulnerability to DarkSide ransomware and ransomware in general. <div class="mw-heading mw-heading3"><h3 id="Syskey">Syskey</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=20" title="Edit section: Syskey">edit</a>]</div> <a href="/wiki/Syskey" title="Syskey">Syskey</a> is a utility that was included with <a href="/wiki/Windows_NT" title="Windows NT">Windows NT</a>-based operating systems to encrypt the <a href="/wiki/Security_Account_Manager" title="Security Account Manager">user account database</a>, optionally with a password. The tool has sometimes been effectively used as ransomware during <a href="/wiki/Technical_support_scam" title="Technical support scam">technical support scams</a>—where a caller with remote access to the computer may use the tool to lock the user out of their computer with a password known only to them.<a href="#cite_note-utYCU-128">[128]</a> Syskey was removed from later versions of <a href="/wiki/Windows_10" title="Windows 10">Windows 10</a> and <a href="/wiki/Windows_Server" title="Windows Server">Windows Server</a> in 2017, due to being obsolete and "known to be used by hackers as part of ransomware scams".<a href="#cite_note-lR0Oo-129">[129]</a><a href="#cite_note-f5ckp-130">[130]</a> <div class="mw-heading mw-heading3"><h3 id="Ransomware-as-a-service">Ransomware-as-a-service</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=21" title="Edit section: Ransomware-as-a-service">edit</a>]</div> Ransomware-as-a-service (RaaS) became a notable method after the Russia-based<a href="#cite_note-131">[131]</a> or Russian-speaking<a href="#cite_note-132">[132]</a> group <a href="/wiki/REvil" title="REvil">REvil</a> staged operations against several targets, including the Brazil-based <a href="/wiki/JBS_S.A._cyberattack" class="mw-redirect" title="JBS S.A. cyberattack">JBS S.A.</a> in May 2021, and the US-based <a href="/wiki/Kaseya_VSA_ransomware_attack" title="Kaseya VSA ransomware attack">Kaseya Limited</a> in July 2021.<a href="#cite_note-133">[133]</a> After a July 9, 2021 phone call between United States president <a href="/wiki/Joe_Biden" title="Joe Biden">Joe Biden</a> and Russian president <a href="/wiki/Vladimir_Putin" title="Vladimir Putin">Vladimir Putin</a>, Biden told the press, "I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is." Biden later added that the United States would take the group's servers down if Putin did not.<a href="#cite_note-134">[134]</a><a href="#cite_note-135">[135]</a> Four days later, REvil websites and other infrastructure vanished from the internet.<a href="#cite_note-Vanishes-136">[136]</a> <div class="mw-heading mw-heading2"><h2 id="Mitigation">Mitigation</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=22" title="Edit section: Mitigation">edit</a>]</div> If an attack is suspected or detected in its early stages, it takes some time for encryption to take place; immediate removal of the malware (a relatively simple process) before it has completed would stop further damage to data, without salvaging any already lost.<a href="#cite_note-malwarebytes-137">[137]</a><a href="#cite_note-register-138">[138]</a> Security experts have suggested precautionary measures for dealing with ransomware. Using software or other security policies to block known payloads from launching will help to prevent infection, but will not protect against all attacks<a href="#cite_note-ars-cryptolocker-27">[27]</a><a href="#cite_note-securityweek131119-139">[139]</a> As such, having a proper <a href="/wiki/Backup" title="Backup">backup</a> solution is a critical component to defending against ransomware. Note that, because many ransomware attackers will not only encrypt the victim's live machine but it will also attempt to delete any hot backups stored locally or on accessible over the network on a <a href="/wiki/Network-attached_storage" title="Network-attached storage">NAS</a>, it is also critical to maintain "offline" <a href="/wiki/Backup" title="Backup">backups</a> of data <a href="/wiki/Storage_security" title="Storage security">stored in locations inaccessible from any potentially infected computer</a>, such as external storage drives or devices that <a href="/wiki/Air_gap_(networking)" title="Air gap (networking)">do not have any access to any network (including the Internet)</a>, prevents them from being accessed by the ransomware. Moreover, if using a NAS or <a href="/wiki/Cloud_storage" title="Cloud storage">Cloud storage</a>, then the computer should have <a href="/wiki/Append-only" title="Append-only">append-only</a> permission to the destination storage, such that it cannot delete or overwrite previous backups. According to <a href="/wiki/Comodo_Group" class="mw-redirect" title="Comodo Group">comodo</a>, applying two <a href="/wiki/Attack_Surface" class="mw-redirect" title="Attack Surface">Attack Surface</a> Reduction on <a href="/wiki/Operating_system" title="Operating system">OS</a>/<a href="/wiki/Kernel_(operating_system)" title="Kernel (operating system)">Kernel</a> provides a materially-reduced attack surface which results in a heightened security posture.<a href="#cite_note-comodo-140">[140]</a><a href="#cite_note-Microsoft-141">[141]</a><a href="#cite_note-security-142">[142]</a> Installing security <a href="/wiki/Patch_(computing)" title="Patch (computing)">updates</a> issued by software vendors can mitigate the <a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">vulnerabilities</a> leveraged by certain strains to propagate.<a href="#cite_note-9ZQll-143">[143]</a><a href="#cite_note-79rIM-144">[144]</a><a href="#cite_note-QMbFF-145">[145]</a><a href="#cite_note-Fo2QN-146">[146]</a><a href="#cite_note-ecot-147">[147]</a> Other measures include <a href="/wiki/Cyber_hygiene" class="mw-redirect" title="Cyber hygiene">cyber hygiene</a> − exercising caution when opening <a href="/wiki/E-mail_attachment" class="mw-redirect" title="E-mail attachment">e-mail attachments</a> and links, <a href="/wiki/Network_segmentation" title="Network segmentation">network segmentation</a>, and keeping critical computers isolated from networks.<a href="#cite_note-TpOx8-148">[148]</a><a href="#cite_note-dAeHq-149">[149]</a> Furthermore, to mitigate the spread of ransomware measures of <a href="/wiki/Infection_control" class="mw-redirect" title="Infection control">infection control</a> can be applied.<a href="#cite_note-chang-150">[150]</a> Such may include disconnecting infected machines from all networks, educational programs,<a href="#cite_note-RGPV7-151">[151]</a> effective communication channels, malware surveillance[<a href="/wiki/Wikipedia:No_original_research" title="Wikipedia:No original research">original research?</a>] and ways of collective participation<a href="#cite_note-chang-150">[150]</a> In August 2021, the <a href="/wiki/Cybersecurity_and_Infrastructure_Security_Agency_Act" title="Cybersecurity and Infrastructure Security Agency Act">Cybersecurity and Infrastructure Security Agency (CISA)</a> released a report that provided guidance for how to mitigate ransomware attacks. This was due to a significant jump in recent attacks related to ransomware. These attacks included aggression against a US pipeline company and a software company, which impacted the downstream customers of <a href="/wiki/Managed_Service_Providers" class="mw-redirect" title="Managed Service Providers">MSPs</a>.<a href="#cite_note-CIS_1-152">[152]</a> <a href="/wiki/Write_Once_Read_Many" class="mw-redirect" title="Write Once Read Many">Write Once Read Many</a> (WORM) storage, such as many optical disc formats are virtually immune to ransomware since its contents cannot be changed or deleted. However data cannot be deleted in any way making it impractical for many storage due to privacy laws and other content laws, the only way is to copy it to a new WORM disk minus the unwanted files, then destroy the original copy. <div class="mw-heading mw-heading3"><h3 id="File_system_defenses_against_ransomware">File system defenses against ransomware</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=23" title="Edit section: File system defenses against ransomware">edit</a>]</div> A number of file systems keep snapshots of the data they hold, which can be used to recover the contents of files from a time prior to the ransomware attack in the event the ransomware does not disable it. <dl><dd><ul><li>On Windows, the <a href="/wiki/Volume_shadow_copy" class="mw-redirect" title="Volume shadow copy">Volume shadow copy</a> (VSS) is often used to store backups of data; ransomware often targets these snapshots to prevent recovery and therefore it is often advisable to disable user access to the user tool VSSadmin.exe to reduce the risk that ransomware can disable or delete past copies.</li> <li>On Windows 10, users can add specific directories or files to Controlled Folder Access in Windows Defender to protect them from ransomware.<a href="#cite_note-EhTld-153">[153]</a> It is advised to add backup and other important directories to Controlled Folder Access.</li> <li>Unless malware gains root on the ZFS host system in deploying an attack coded to issue ZFS administrative commands, file servers running <a href="/wiki/ZFS" title="ZFS">ZFS</a> are broadly immune to ransomware, because ZFS is capable of snapshotting even a large file system many times an hour, and these snapshots are immutable (read only) and easily rolled back or files recovered in the event of data corruption.<a href="#cite_note-NFIWj-154">[154]</a> In general, only an administrator can delete (but cannot modify) snapshots.</li></ul></dd></dl> <div class="mw-heading mw-heading3"><h3 id="File_decryption_and_recovery">File decryption and recovery</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=24" title="Edit section: File decryption and recovery">edit</a>]</div> There are a number of tools intended specifically to decrypt files locked by ransomware, although successful recovery may not be possible.<a href="#cite_note-schofield-2">[2]</a><a href="#cite_note-hAZRL-155">[155]</a> If the same encryption key is used for all files, decryption tools use files for which there are both uncorrupted backups and encrypted copies (a <a href="/wiki/Known-plaintext_attack" title="Known-plaintext attack">known-plaintext attack</a> in the jargon of <a href="/wiki/Cryptanalysis" title="Cryptanalysis">cryptanalysis</a>. But it only works when the cipher the attacker used was weak to begin with, being vulnerable to known-plaintext attack); recovery of the key, if it is possible, may take several days.<a href="#cite_note-V6K3w-156">[156]</a> Free ransomware decryption tools can help decrypt files encrypted by the following forms of ransomware: AES_NI, Alcatraz Locker, Apocalypse, BadBlock, Bart, BTCWare, Crypt888, CryptoMix, CrySiS, EncrypTile, FindZip, Globe, <a href="/wiki/Hidden_Tear" title="Hidden Tear">Hidden Tear</a>, Jigsaw, LambdaLocker, Legion, NoobCrypt, Stampado, SZFLocker, <a href="/wiki/TeslaCrypt" title="TeslaCrypt">TeslaCrypt</a>, XData.<a href="#cite_note-Bf057-157">[157]</a> Ransomware encryption that has been cracked by security researchers is typically abandoned for criminal purposes; thus in practice most attacks cannot be reverted by breaking encryption.<a href="#cite_note-ProPublica-158">[158]</a> The No More Ransom Project is an initiative by the <a href="/wiki/National_Police_Corps_(Netherlands)" title="National Police Corps (Netherlands)">Netherlands' police</a>'s National High Tech Crime Unit, <a href="/wiki/Europol" title="Europol">Europol</a>’s <a href="/wiki/European_Cybercrime_Centre" title="European Cybercrime Centre">European Cybercrime Centre</a>, <a href="/wiki/Kaspersky_Lab" title="Kaspersky Lab">Kaspersky Lab</a> and <a href="/wiki/McAfee" title="McAfee">McAfee</a> to help ransomware victims recover their data without paying a ransom.<a href="#cite_note-159">[159]</a> They offer a free CryptoSheriff tool to analyze encrypted files and search for decryption tools.<a href="#cite_note-160">[160]</a>[<a href="/wiki/Wikipedia:Independent_sources" title="Wikipedia:Independent sources">independent source needed</a>] In addition, old copies of files may exist on the disk, which has been previously deleted. In some cases, these deleted versions may still be recoverable using <a href="/wiki/Data_recovery#List_of_data_recovery_software" title="Data recovery">software designed for that purpose</a>. A 2019 <a href="/wiki/ProPublica" title="ProPublica">ProPublica</a> investigation found the cybersecurity firms Proven Data Recovery and Monstercloud, which advertised ransom-free decryption services, would typically simply pay the ransom and charge the victim a higher price.<a href="#cite_note-ProPublica-158">[158]</a> SamSam hackers dealt with Proven Data so frequently that they would recommend the company to victims having technical difficulties making payment.<a href="#cite_note-ProPublica-158">[158]</a> Other companies like Coveware were more transparent in offering the service of paying the hackers and patching insecure systems.<a href="#cite_note-ProPublica-158">[158]</a> Many American victims found the ransom amount was too low to meet the <a href="/wiki/United_States_Department_of_Justice" title="United States Department of Justice">United States Department of Justice</a> threshold for federal involvement, but that local police lacked the technical capabilities to help and were often victims themselves.<a href="#cite_note-ProPublica-158">[158]</a> <div class="mw-heading mw-heading2"><h2 id="Criminal_arrests_and_convictions">Criminal arrests and convictions</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=25" title="Edit section: Criminal arrests and convictions">edit</a>]</div> <style data-mw-deduplicate="TemplateStyles:r1251242444">.mw-parser-output .ambox{border:1px solid #a2a9b1;border-left:10px solid #36c;background-color:#fbfbfb;box-sizing:border-box}.mw-parser-output .ambox+link+.ambox,.mw-parser-output .ambox+link+style+.ambox,.mw-parser-output .ambox+link+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+style+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+link+.ambox{margin-top:-1px}html body.mediawiki .mw-parser-output .ambox.mbox-small-left{margin:4px 1em 4px 0;overflow:hidden;width:238px;border-collapse:collapse;font-size:88%;line-height:1.25em}.mw-parser-output .ambox-speedy{border-left:10px solid #b32424;background-color:#fee7e6}.mw-parser-output .ambox-delete{border-left:10px solid #b32424}.mw-parser-output .ambox-content{border-left:10px solid #f28500}.mw-parser-output .ambox-style{border-left:10px solid #fc3}.mw-parser-output .ambox-move{border-left:10px solid #9932cc}.mw-parser-output .ambox-protection{border-left:10px solid #a2a9b1}.mw-parser-output .ambox .mbox-text{border:none;padding:0.25em 0.5em;width:100%}.mw-parser-output .ambox .mbox-image{border:none;padding:2px 0 2px 0.5em;text-align:center}.mw-parser-output .ambox .mbox-imageright{border:none;padding:2px 0.5em 2px 0;text-align:center}.mw-parser-output .ambox .mbox-empty-cell{border:none;padding:0;width:1px}.mw-parser-output .ambox .mbox-image-div{width:52px}@media(min-width:720px){.mw-parser-output .ambox{margin:0 10%}}@media print{body.ns-0 .mw-parser-output .ambox{display:none!important}}</style><table class="box-Expand_section plainlinks metadata ambox mbox-small-left ambox-content" role="presentation"><tbody><tr><td class="mbox-image"><a href="/wiki/File:Wiki_letter_w_cropped.svg" class="mw-file-description"><img alt="[icon]" src="//upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/20px-Wiki_letter_w_cropped.svg.png" decoding="async" width="20" height="14" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/30px-Wiki_letter_w_cropped.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/40px-Wiki_letter_w_cropped.svg.png 2x" data-file-width="44" data-file-height="31" /></a></td><td class="mbox-text"><div class="mbox-text-span">This section needs expansion. You can help by <a class="external text" href="https://en.wikipedia.org/w/index.php?title=Ransomware&action=edit&section=">adding to it</a>. (February 2025)</div></td></tr></tbody></table> <div class="mw-heading mw-heading3"><h3 id="Zain_Qaiser">Zain Qaiser</h3>[<a href="/w/index.php?title=Ransomware&action=edit&section=26" title="Edit section: Zain Qaiser">edit</a>]</div> A British student, Zain Qaiser, from Barking, London was jailed for more than six years at <a href="/wiki/Kingston_upon_Thames_Crown_Court" title="Kingston upon Thames Crown Court">Kingston upon Thames Crown Court</a> for his ransomware attacks in 2019.<a href="#cite_note-fWg6u-161">[161]</a> He is said to have been "the most prolific cyber criminal to be sentenced in the UK". He became active at the age of 17. He contacted the Russian controller of one of the most powerful attacks, believed to be the Lurk malware gang, and arranged for a split of his profits. He also contacted online criminals from China and the US to move the money.<a href="#cite_note-fWg6u-161">[161]</a> For about one and a half years, he posed as a legitimate supplier of online promotions of book advertising on some of the world's most visited legal pornography websites. Each of the adverts that were promoted on the websites contained the <a href="/wiki/FBI_MoneyPak_Ransomware" title="FBI MoneyPak Ransomware">Reveton Ransomware</a> strain of the malicious Angler Exploit Kit (AEK)<a href="#cite_note-KW8uM-162">[162]</a> that seized control of the machine. Investigators discovered about £700,000 of earnings, although his network may have earned more than £4m. He may have hidden some money using cryptocurrencies. The ransomware would instruct victims to buy <a href="/wiki/MoneyPak" class="mw-redirect" title="MoneyPak">GreenDot MoneyPak</a> vouchers and enter the code in the Reveton panel displayed on the screen. This money entered a MoneyPak account managed by Qaiser, who would then deposit the voucher payments into the debit card account of his American co-conspirator, Raymond Odigie Uadiale. Uadiale was a student at <a href="/wiki/Florida_International_University" title="Florida International University">Florida International University</a> during 2012 and 2013 and later worked for Microsoft. Uadiale would convert the money into <a href="/wiki/Liberty_Reserve" title="Liberty Reserve">Liberty Reserve</a> digital currency and deposit it into Qaiser's Liberty Reserve account.<a href="#cite_note-lHdGY-163">[163]</a> A breakthrough, in this case, occurred in May 2013 when authorities from several countries seized the Liberty Reserve servers, obtaining access to all its transactions and account history. Qaiser was running encrypted virtual machines on his Macbook Pro with both Mac and Windows operating systems.<a href="#cite_note-uBW5w-164">[164]</a> He could not be tried earlier because he was sectioned (involuntarily committed) under the UK Mental Health Act of 1983 at <a href="/wiki/Goodmayes_Hospital" title="Goodmayes Hospital">Goodmayes Hospital</a> where he was found to be using the hospital Wi-Fi to access his advertising sites. His lawyer claimed that Qaiser had suffered from mental illness.<a href="#cite_note-fWg6u-161">[161]</a> Russian police arrested 50 members of the Lurk malware gang in June 2016.<a href="#cite_note-m82Cr-165">[165]</a> Uadiale, a naturalized US citizen of Nigerian descent, was jailed for 18 months.<a href="#cite_note-2eQbY-166">[166]</a> <div class="mw-heading mw-heading2"><h2 id="Legal_aspects">Legal aspects</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=27" title="Edit section: Legal aspects">edit</a>]</div> The publication of proof-of-concept attack code is common among academic researchers and vulnerability researchers. It teaches the nature of the threat, conveys the gravity of the issues, and enables countermeasures to be devised and put into place. However, lawmakers with the support of law-enforcement bodies are contemplating making the creation of ransomware illegal. In the state of Maryland, the original draft of HB 340 made it a felony to create ransomware, punishable by up to 10 years in prison.<a href="#cite_note-hb340-167">[167]</a> A minor in Japan was arrested for creating and distributing ransomware code.<a href="#cite_note-jransomware-168">[168]</a> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=28" title="Edit section: See also">edit</a>]</div> <style data-mw-deduplicate="TemplateStyles:r1184024115">.mw-parser-output .div-col{margin-top:0.3em;column-width:30em}.mw-parser-output .div-col-small{font-size:90%}.mw-parser-output .div-col-rules{column-rule:1px solid #aaa}.mw-parser-output .div-col dl,.mw-parser-output .div-col ol,.mw-parser-output .div-col ul{margin-top:0}.mw-parser-output .div-col li,.mw-parser-output .div-col dd{page-break-inside:avoid;break-inside:avoid-column}</style><div class="div-col"> <ul><li><a href="/wiki/Colonial_Pipeline_ransomware_attack" title="Colonial Pipeline ransomware attack">Colonial Pipeline ransomware attack</a> – Ransomware attack on American oil pipeline system</li> <li><a href="/wiki/BlueKeep_(security_vulnerability)" class="mw-redirect" title="BlueKeep (security vulnerability)">BlueKeep (security vulnerability)</a> – Windows security holePages displaying short descriptions of redirect targets</li> <li><a href="/wiki/Brinkmanship" title="Brinkmanship">Brinkmanship</a> – Political and military tactic</li> <li><a href="/wiki/Hitler-Ransomware" title="Hitler-Ransomware">Hitler-Ransomware</a> – Form of ransomware</li> <li><a href="/wiki/Jigsaw_(ransomware)" title="Jigsaw (ransomware)">Jigsaw (ransomware)</a> – Encrypting ransomware created in 2016</li> <li><a href="/wiki/Append-only" title="Append-only">Append-only</a> – Property of computer data storage</li> <li><a href="/wiki/Riskware" title="Riskware">Riskware</a> – Software that poses a risk to a host computer</li> <li><a href="/wiki/Ryuk_(ransomware)" title="Ryuk (ransomware)">Ryuk (ransomware)</a> – Type of ransomware</li> <li><a href="/wiki/Reliability_engineering" title="Reliability engineering">Reliability engineering</a> – Sub-discipline of systems engineering that emphasizes dependability</li> <li><a href="/wiki/Air_gap_(networking)" title="Air gap (networking)">Air gap (networking)</a> – Network security measure</li> <li><a href="/wiki/Data_redundancy" title="Data redundancy">Data redundancy</a> – presence of data additional to the actual data that may permit correction of errors in stored or transmitted dataPages displaying wikidata descriptions as a fallback</li> <li><a href="/wiki/Fault_tolerance" title="Fault tolerance">Fault tolerance</a> – Resilience of systems to component failures or errors</li> <li><a href="/wiki/Reliability_(computer_networking)" title="Reliability (computer networking)">Reliability (computer networking)</a> – Protocol acknowledgement capability</li> <li><a href="/wiki/Unidirectional_network" title="Unidirectional network">Unidirectional network</a> – Network device that permits data flow in only one direction</li> <li><a href="/wiki/Fault-tolerant_computer_system" class="mw-redirect" title="Fault-tolerant computer system">fault-tolerant computer system</a> – Resilience of systems to component failures or errorsPages displaying short descriptions of redirect targets</li> <li><a href="/wiki/Byzantine_fault" title="Byzantine fault">Byzantine fault</a> – Fault in a computer system that presents different symptoms to different observers</li> <li><a href="/wiki/Quantum_Byzantine_agreement" title="Quantum Byzantine agreement">Quantum Byzantine agreement</a> – Quantum version of the Byzantine agreement protocol</li> <li><a href="/wiki/Two_Generals%27_Problem" title="Two Generals' Problem">Two Generals' Problem</a> – Thought experiment</li> <li><a href="/wiki/The_Ransomware_Hunting_Team" title="The Ransomware Hunting Team">The Ransomware Hunting Team</a> – 2022 nonfiction book by Renee Dudley and Daniel Golden</li> <li><a href="/wiki/Initial_access_broker" title="Initial access broker">Initial access broker</a> – Hacker selling access to hacked computers</li></ul> </div> <div class="mw-heading mw-heading2"><h2 id="References">References</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=29" title="Edit section: References">edit</a>]</div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-young-1">^ <a href="#cite_ref-young_1-0">a</a> <a href="#cite_ref-young_1-1">b</a> <a href="#cite_ref-young_1-2">c</a> <a href="#cite_ref-young_1-3">d</a> <a href="#cite_ref-young_1-4">e</a> <a href="#cite_ref-young_1-5">f</a> <a href="#cite_ref-young_1-6">g</a> <style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite id="CITEREFYoungM._Yung1996" class="citation conference cs1">Young, A.; M. Yung (1996). Cryptovirology: extortion-based security threats and countermeasures. IEEE Symposium on Security and Privacy. pp. 129–140. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FSECPRI.1996.502676">10.1109/SECPRI.1996.502676</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/0-8186-7417-2" title="Special:BookSources/0-8186-7417-2"><bdi>0-8186-7417-2</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=Cryptovirology%3A+extortion-based+security+threats+and+countermeasures&rft.pages=%3Cspan+class%3D%22nowrap%22%3E129-%3C%2Fspan%3E140&rft.date=1996&rft_id=info%3Adoi%2F10.1109%2FSECPRI.1996.502676&rft.isbn=0-8186-7417-2&rft.aulast=Young&rft.aufirst=A.&rft.au=M.+Yung&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-schofield-2">^ <a href="#cite_ref-schofield_2-0">a</a> <a href="#cite_ref-schofield_2-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSchofield2016" class="citation web cs1">Schofield, Jack (28 July 2016). <a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/askjack/2016/jul/28/how-can-i-remove-ransomware-infection">"How can I remove a ransomware infection?"</a>. The Guardian. Retrieved 28 July 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Guardian&rft.atitle=How+can+I+remove+a+ransomware+infection%3F&rft.date=2016-07-28&rft.aulast=Schofield&rft.aufirst=Jack&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2Faskjack%2F2016%2Fjul%2F28%2Fhow-can-i-remove-ransomware-infection&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-43zHf-3"><a href="#cite_ref-43zHf_3-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMimoso2016" class="citation web cs1">Mimoso, Michael (28 March 2016). <a rel="nofollow" class="external text" href="https://threatpost.com/petya-ransomware-encrypts-master-file-table/117024/">"Petya Ransomware Master File Table Encryption"</a>. threatpost.com. Retrieved 28 July 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=threatpost.com&rft.atitle=Petya+Ransomware+Master+File+Table+Encryption&rft.date=2016-03-28&rft.aulast=Mimoso&rft.aufirst=Michael&rft_id=https%3A%2F%2Fthreatpost.com%2Fpetya-ransomware-encrypts-master-file-table%2F117024%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-BBe0f-4"><a href="#cite_ref-BBe0f_4-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJustin_Luna2016" class="citation web cs1">Justin Luna (21 September 2016). <a rel="nofollow" class="external text" href="https://www.neowin.net/news/mamba-ransomware-encrypts-your-hard-drive-manipulates-the-boot-process">"Mamba ransomware encrypts your hard drive, manipulates the boot process"</a>. <a href="/wiki/Newlin" title="Newlin">Newlin</a>. Retrieved 5 November 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Newlin&rft.atitle=Mamba+ransomware+encrypts+your+hard+drive%2C+manipulates+the+boot+process&rft.date=2016-09-21&rft.au=Justin+Luna&rft_id=https%3A%2F%2Fwww.neowin.net%2Fnews%2Fmamba-ransomware-encrypts-your-hard-drive-manipulates-the-boot-process&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-5"><a href="#cite_ref-5">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMinKoWalkerLee2022" class="citation journal cs1">Min, Donghyun; Ko, Yungwoo; Walker, Ryan; Lee, Junghee; Kim, Youngjae (July 2022). <a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/9493745">"A Content-Based Ransomware Detection and Backup Solid-State Drive for Ransomware Defense"</a>. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. 41 (7): 2038–2051. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FTCAD.2021.3099084">10.1109/TCAD.2021.3099084</a>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0278-0070">0278-0070</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:237683171">237683171</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Transactions+on+Computer-Aided+Design+of+Integrated+Circuits+and+Systems&rft.atitle=A+Content-Based+Ransomware+Detection+and+Backup+Solid-State+Drive+for+Ransomware+Defense&rft.volume=41&rft.issue=7&rft.pages=%3Cspan+class%3D%22nowrap%22%3E2038-%3C%2Fspan%3E2051&rft.date=2022-07&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A237683171%23id-name%3DS2CID&rft.issn=0278-0070&rft_id=info%3Adoi%2F10.1109%2FTCAD.2021.3099084&rft.aulast=Min&rft.aufirst=Donghyun&rft.au=Ko%2C+Yungwoo&rft.au=Walker%2C+Ryan&rft.au=Lee%2C+Junghee&rft.au=Kim%2C+Youngjae&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F9493745&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Mh4zt-6"><a href="#cite_ref-Mh4zt_6-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCameron2017" class="citation web cs1">Cameron, Dell (13 May 2017). <a rel="nofollow" class="external text" href="https://www.gizmodo.com.au/2017/05/todays-massive-ransomware-attack-was-mostly-preventable-heres-how-to-avoid-it/">"Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It"</a>. <a href="/wiki/Gizmodo" title="Gizmodo">Gizmodo</a>. Retrieved 13 May 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Gizmodo&rft.atitle=Today%27s+Massive+Ransomware+Attack+Was+Mostly+Preventable%3B+Here%27s+How+To+Avoid+It&rft.date=2017-05-13&rft.aulast=Cameron&rft.aufirst=Dell&rft_id=https%3A%2F%2Fwww.gizmodo.com.au%2F2017%2F05%2Ftodays-massive-ransomware-attack-was-mostly-preventable-heres-how-to-avoid-it%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tw-russia-7">^ <a href="#cite_ref-tw-russia_7-0">a</a> <a href="#cite_ref-tw-russia_7-1">b</a> <a href="#cite_ref-tw-russia_7-2">c</a> <a href="#cite_ref-tw-russia_7-3">d</a> <a href="#cite_ref-tw-russia_7-4">e</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDunn" class="citation web cs1">Dunn, John E. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140702211354/http://news.techworld.com/security/3343528/ransom-trojans-spreading-beyond-russian-heartland/">"Ransom Trojans spreading beyond Russian heartland"</a>. TechWorld. Archived from <a rel="nofollow" class="external text" href="http://news.techworld.com/security/3343528/ransom-trojans-spreading-beyond-russian-heartland/">the original</a> on 2 July 2014. Retrieved 10 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Ransom+Trojans+spreading+beyond+Russian+heartland&rft.pub=TechWorld&rft.aulast=Dunn&rft.aufirst=John+E.&rft_id=http%3A%2F%2Fnews.techworld.com%2Fsecurity%2F3343528%2Fransom-trojans-spreading-beyond-russian-heartland%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-kkk-8">^ <a href="#cite_ref-kkk_8-0">a</a> <a href="#cite_ref-kkk_8-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.fbi.gov/news/stories/2012/august/new-internet-scam/new-internet-scam">"New Internet scam: Ransomware..."</a> FBI. 9 August 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=New+Internet+scam%3A+Ransomware...&rft.pub=FBI&rft.date=2012-08-09&rft_id=https%3A%2F%2Fwww.fbi.gov%2Fnews%2Fstories%2F2012%2Faugust%2Fnew-internet-scam%2Fnew-internet-scam&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-IC3-9">^ <a href="#cite_ref-IC3_9-0">a</a> <a href="#cite_ref-IC3_9-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ic3.gov/media/2012/121130.aspx">"Citadel malware continues to deliver Reveton ransomware..."</a> Internet Crime Complaint Center (IC3). 30 November 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Citadel+malware+continues+to+deliver+Reveton+ransomware...&rft.pub=Internet+Crime+Complaint+Center+%28IC3%29&rft.date=2012-11-30&rft_id=http%3A%2F%2Fwww.ic3.gov%2Fmedia%2F2012%2F121130.aspx&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-gdvoy-10"><a href="#cite_ref-gdvoy_10-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.helpnetsecurity.com/2018/07/11/2018-sonicwall-cyber-threat-report/">"Ransomware back in big way, 181.5 million attacks since January"</a>. Help Net Security. 11 July 2018. Retrieved 20 October 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Help+Net+Security&rft.atitle=Ransomware+back+in+big+way%2C+181.5+million+attacks+since+January&rft.date=2018-07-11&rft_id=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F07%2F11%2F2018-sonicwall-cyber-threat-report%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-infoworld-mcafeeransom-11"><a href="#cite_ref-infoworld-mcafeeransom_11-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.infoworld.com/t/security/mcafee-cyber-criminals-using-android-malware-and-ransomware-the-most-219916">"Update: McAfee: Cyber criminals using Android malware and ransomware the most"</a>. InfoWorld. 3 June 2013. Retrieved 16 September 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=InfoWorld&rft.atitle=Update%3A+McAfee%3A+Cyber+criminals+using+Android+malware+and+ransomware+the+most&rft.date=2013-06-03&rft_id=http%3A%2F%2Fwww.infoworld.com%2Ft%2Fsecurity%2Fmcafee-cyber-criminals-using-android-malware-and-ransomware-the-most-219916&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cl-takedown-12">^ <a href="#cite_ref-cl-takedown_12-0">a</a> <a href="#cite_ref-cl-takedown_12-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.co.uk/news/technology-28661463">"Cryptolocker victims to get files back for free"</a>. BBC News. 6 August 2014. Retrieved 18 August 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cryptolocker+victims+to+get+files+back+for+free&rft.date=2014-08-06&rft_id=https%3A%2F%2Fwww.bbc.co.uk%2Fnews%2Ftechnology-28661463&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ars-fbicryptowall-13">^ <a href="#cite_ref-ars-fbicryptowall_13-0">a</a> <a href="#cite_ref-ars-fbicryptowall_13-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://arstechnica.com/security/2015/06/fbi-says-crypto-ransomware-has-raked-in-18-million-for-cybercriminals/">"FBI says crypto ransomware has raked in >$18 million for cybercriminals"</a>. Ars Technica. 25 June 2015. Retrieved 25 June 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=FBI+says+crypto+ransomware+has+raked+in+%3E%2418+million+for+cybercriminals&rft.date=2015-06-25&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2015%2F06%2Ffbi-says-crypto-ransomware-has-raked-in-18-million-for-cybercriminals%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-14"><a href="#cite_ref-14">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf">"Internet Crime Report 2020"</a> (PDF). Ic3.gov. Retrieved 1 March 2022.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ic3.gov&rft.atitle=Internet+Crime+Report+2020&rft_id=https%3A%2F%2Fwww.ic3.gov%2FMedia%2FPDF%2FAnnualReport%2F2020_IC3Report.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-15"><a href="#cite_ref-15">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/">"Number of ransomware attacks per year 2022"</a>. Statista. Retrieved 4 June 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Statista&rft.atitle=Number+of+ransomware+attacks+per+year+2022&rft_id=https%3A%2F%2Fwww.statista.com%2Fstatistics%2F494947%2Fransomware-attacks-per-year-worldwide%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-yycacm-16">^ <a href="#cite_ref-yycacm_16-0">a</a> <a href="#cite_ref-yycacm_16-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFYoungYung2017" class="citation journal cs1">Young, Adam L.; Yung, Moti (2017). <a rel="nofollow" class="external text" href="https://cacm.acm.org/magazines/2017/7/218875-cryptovirology/fulltext">"Cryptovirology: The Birth, Neglect, and Explosion of Ransomware"</a>. Communications of the ACM. 60 (7): 24–26. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1145%2F3097347">10.1145/3097347</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:232783395">232783395</a>. Retrieved 27 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Communications+of+the+ACM&rft.atitle=Cryptovirology%3A+The+Birth%2C+Neglect%2C+and+Explosion+of+Ransomware&rft.volume=60&rft.issue=7&rft.pages=%3Cspan+class%3D%22nowrap%22%3E24-%3C%2Fspan%3E26&rft.date=2017&rft_id=info%3Adoi%2F10.1145%2F3097347&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A232783395%23id-name%3DS2CID&rft.aulast=Young&rft.aufirst=Adam+L.&rft.au=Yung%2C+Moti&rft_id=https%3A%2F%2Fcacm.acm.org%2Fmagazines%2F2017%2F7%2F218875-cryptovirology%2Ffulltext&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cw-ranactivate-17">^ <a href="#cite_ref-cw-ranactivate_17-0">a</a> <a href="#cite_ref-cw-ranactivate_17-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation magazine cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20140703000708/http://www.computerworld.com/s/article/9215711/Ransomware_squeezes_users_with_bogus_Windows_activation_demand">"Ransomware squeezes users with bogus Windows activation demand"</a>. Computerworld. 11 April 2011. Archived from <a rel="nofollow" class="external text" href="http://www.computerworld.com/s/article/9215711/Ransomware_squeezes_users_with_bogus_Windows_activation_demand">the original</a> on 3 July 2014. Retrieved 9 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computerworld&rft.atitle=Ransomware+squeezes+users+with+bogus+Windows+activation+demand&rft.date=2011-04-11&rft_id=http%3A%2F%2Fwww.computerworld.com%2Fs%2Farticle%2F9215711%2FRansomware_squeezes_users_with_bogus_Windows_activation_demand&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-hsfi-ransom-18">^ <a href="#cite_ref-hsfi-ransom_18-0">a</a> <a href="#cite_ref-hsfi-ransom_18-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://www.hs.fi/english/article/Police+warn+of+extortion+messages+sent+in+their+name/1329103586716">"Police warn of extortion messages sent in their name"</a>. <a href="/wiki/Helsingin_Sanomat" title="Helsingin Sanomat">Helsingin Sanomat</a>. Retrieved 9 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Helsingin+Sanomat&rft.atitle=Police+warn+of+extortion+messages+sent+in+their+name&rft_id=http%3A%2F%2Fwww.hs.fi%2Fenglish%2Farticle%2FPolice%2Bwarn%2Bof%2Bextortion%2Bmessages%2Bsent%2Bin%2Btheir%2Bname%2F1329103586716&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcw-russia-19">^ <a href="#cite_ref-pcw-russia_19-0">a</a> <a href="#cite_ref-pcw-russia_19-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMcMillian2010" class="citation magazine cs1">McMillian, Robert (31 August 2010). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20101104134852/http://www.pcworld.com/article/204577/alleged_ransomware_gang_investigated_by_moscow_police.html">"Alleged Ransomware Gang Investigated by Moscow Police"</a>. PC World. Archived from <a rel="nofollow" class="external text" href="https://www.pcworld.com/article/204577/alleged_ransomware_gang_investigated_by_moscow_police.html">the original</a> on 4 November 2010. Retrieved 10 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=PC+World&rft.atitle=Alleged+Ransomware+Gang+Investigated+by+Moscow+Police&rft.date=2010-08-31&rft.aulast=McMillian&rft.aufirst=Robert&rft_id=https%3A%2F%2Fwww.pcworld.com%2Farticle%2F204577%2Falleged_ransomware_gang_investigated_by_moscow_police.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-kaspersky-german-20"><a href="#cite_ref-kaspersky-german_20-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.securelist.com/en/blog/6155/Ransomware_Fake_Federal_German_Police_BKA_notice">"Ransomware: Fake Federal German Police (BKA) notice"</a>. SecureList (Kaspersky Lab). Retrieved 10 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Ransomware%3A+Fake+Federal+German+Police+%28BKA%29+notice&rft.pub=SecureList+%28Kaspersky+Lab%29&rft_id=http%3A%2F%2Fwww.securelist.com%2Fen%2Fblog%2F6155%2FRansomware_Fake_Federal_German_Police_BKA_notice&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-kaspersky-mbr-21"><a href="#cite_ref-kaspersky-mbr_21-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.securelist.com/en/blog/208188032/And_Now_an_MBR_Ransomware">"And Now, an MBR Ransomware"</a>. SecureList (Kaspersky Lab). Retrieved 10 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=And+Now%2C+an+MBR+Ransomware&rft.pub=SecureList+%28Kaspersky+Lab%29&rft_id=http%3A%2F%2Fwww.securelist.com%2Fen%2Fblog%2F208188032%2FAnd_Now_an_MBR_Ransomware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-young-2-22"><a href="#cite_ref-young-2_22-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAdam_Young2005" class="citation news cs1">Adam Young (2005). Zhou, Jianying; Lopez, Javier (eds.). "Building a Cryptovirus Using Microsoft's Cryptographic API". Information Security: 8th International Conference, ISC 2005. <a href="/wiki/Springer-Verlag" class="mw-redirect" title="Springer-Verlag">Springer-Verlag</a>. pp. 389–401.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Information+Security%3A+8th+International+Conference%2C+ISC+2005&rft.atitle=Building+a+Cryptovirus+Using+Microsoft%27s+Cryptographic+API&rft.pages=%3Cspan+class%3D%22nowrap%22%3E389-%3C%2Fspan%3E401&rft.date=2005&rft.au=Adam+Young&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-young-3-23"><a href="#cite_ref-young-3_23-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFYoung2006" class="citation journal cs1">Young, Adam (2006). "Cryptoviral Extortion Using Microsoft's Crypto API: Can Crypto APIs Help the Enemy?". International Journal of Information Security. 5 (2): 67–76. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2Fs10207-006-0082-7">10.1007/s10207-006-0082-7</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:12990192">12990192</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=International+Journal+of+Information+Security&rft.atitle=Cryptoviral+Extortion+Using+Microsoft%27s+Crypto+API%3A+Can+Crypto+APIs+Help+the+Enemy%3F&rft.volume=5&rft.issue=2&rft.pages=%3Cspan+class%3D%22nowrap%22%3E67-%3C%2Fspan%3E76&rft.date=2006&rft_id=info%3Adoi%2F10.1007%2Fs10207-006-0082-7&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A12990192%23id-name%3DS2CID&rft.aulast=Young&rft.aufirst=Adam&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-zdnet-24"><a href="#cite_ref-zdnet_24-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDanchev2009" class="citation news cs1">Danchev, Dancho (22 April 2009). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20090426055732/http://blogs.zdnet.com/security/?p=3197">"New ransomware locks PCs, demands premium SMS for removal"</a>. <a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a>. Archived from <a rel="nofollow" class="external text" href="http://blogs.zdnet.com/security/?p=3197">the original</a> on 26 April 2009. Retrieved 2 May 2009.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ZDNet&rft.atitle=New+ransomware+locks+PCs%2C+demands+premium+SMS+for+removal&rft.date=2009-04-22&rft.aulast=Danchev&rft.aufirst=Dancho&rft_id=http%3A%2F%2Fblogs.zdnet.com%2Fsecurity%2F%3Fp%3D3197&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cw-pirated-25"><a href="#cite_ref-cw-pirated_25-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation magazine cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20140703021642/http://www.computerworld.com/s/article/9219745/Ransomware_plays_pirated_Windows_card_demands_143">"Ransomware plays pirated Windows card, demands $143"</a>. Computerworld. 6 September 2011. Archived from <a rel="nofollow" class="external text" href="http://www.computerworld.com/s/article/9219745/Ransomware_plays_pirated_Windows_card_demands_143">the original</a> on 3 July 2014. Retrieved 9 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computerworld&rft.atitle=Ransomware+plays+pirated+Windows+card%2C+demands+%24143&rft.date=2011-09-06&rft_id=http%3A%2F%2Fwww.computerworld.com%2Fs%2Farticle%2F9219745%2FRansomware_plays_pirated_Windows_card_demands_143&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-arstechnica-26"><a href="#cite_ref-arstechnica_26-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCheng2007" class="citation web cs1">Cheng, Jacqui (18 July 2007). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/news/2007/07/new-trojans-give-us-300-or-the-data-gets-it.ars">"New Trojans: give us $300, or the data gets it!"</a>. Ars Technica. Retrieved 16 April 2009.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=New+Trojans%3A+give+us+%24300%2C+or+the+data+gets+it%21&rft.date=2007-07-18&rft.aulast=Cheng&rft.aufirst=Jacqui&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2Fnews%2F2007%2F07%2Fnew-trojans-give-us-300-or-the-data-gets-it.ars&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ars-cryptolocker-27">^ <a href="#cite_ref-ars-cryptolocker_27-0">a</a> <a href="#cite_ref-ars-cryptolocker_27-1">b</a> <a href="#cite_ref-ars-cryptolocker_27-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/">"You're infected—if you want to see your data again, pay us $300 in Bitcoins"</a>. Ars Technica. 17 October 2013. Retrieved 23 October 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=You%27re+infected%E2%80%94if+you+want+to+see+your+data+again%2C+pay+us+%24300+in+Bitcoins&rft.date=2013-10-17&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2013%2F10%2Fyoure-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-computerworld-cryptodefense-28">^ <a href="#cite_ref-computerworld-cryptodefense_28-0">a</a> <a href="#cite_ref-computerworld-cryptodefense_28-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20140703000139/http://www.computerworld.com/s/article/9247348/CryptoDefense_ransomware_leaves_decryption_key_accessible">"CryptoDefense ransomware leaves decryption key accessible"</a>. Computerworld. IDG. April 2014. Archived from <a rel="nofollow" class="external text" href="http://www.computerworld.com/s/article/9247348/CryptoDefense_ransomware_leaves_decryption_key_accessible">the original</a> on 3 July 2014. Retrieved 7 April 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Computerworld&rft.atitle=CryptoDefense+ransomware+leaves+decryption+key+accessible&rft.date=2014-04&rft_id=http%3A%2F%2Fwww.computerworld.com%2Fs%2Farticle%2F9247348%2FCryptoDefense_ransomware_leaves_decryption_key_accessible&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tm-cryptodefense-29"><a href="#cite_ref-tm-cryptodefense_29-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://archive.today/20160523092754/https://www.techiemotto.com/ransomware-attacks-windows-computer/75/">"What to do if Ransomware Attacks on your Windows Computer?"</a>. Techie Motto. Archived from <a rel="nofollow" class="external text" href="https://www.techiemotto.com/ransomware-attacks-windows-computer/75/">the original</a> on 23 May 2016. Retrieved 25 April 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Techie+Motto&rft.atitle=What+to+do+if+Ransomware+Attacks+on+your+Windows+Computer%3F&rft_id=https%3A%2F%2Fwww.techiemotto.com%2Fransomware-attacks-windows-computer%2F75%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-3F0Ac-30"><a href="#cite_ref-3F0Ac_30-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAdam2020" class="citation web cs1">Adam, Sally (12 May 2020). <a rel="nofollow" class="external text" href="https://news.sophos.com/en-us/2020/05/12/the-state-of-ransomware-2020/">"The state of ransomware 2020"</a>. Sophos News. Retrieved 18 September 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Sophos+News&rft.atitle=The+state+of+ransomware+2020&rft.date=2020-05-12&rft.aulast=Adam&rft.aufirst=Sally&rft_id=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2020%2F05%2F12%2Fthe-state-of-ransomware-2020%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tr-extortion-31"><a href="#cite_ref-tr-extortion_31-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKassner" class="citation magazine cs1">Kassner, Michael. <a rel="nofollow" class="external text" href="https://www.techrepublic.com/blog/security/ransomware-extortion-via-the-internet/2976">"Ransomware: Extortion via the Internet"</a>. TechRepublic. Retrieved 10 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=TechRepublic&rft.atitle=Ransomware%3A+Extortion+via+the+Internet&rft.aulast=Kassner&rft.aufirst=Michael&rft_id=http%3A%2F%2Fwww.techrepublic.com%2Fblog%2Fsecurity%2Fransomware-extortion-via-the-internet%2F2976&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-mFQOG-32"><a href="#cite_ref-mFQOG_32-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSebastiaan_von_SolmsDavid_Naccache1992" class="citation journal cs1">Sebastiaan von Solms; David Naccache (1992). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20171026002327/https://pdfs.semanticscholar.org/67bb/82e6981239270d644e60e8f868b4f0752126.pdf">"On Blind 'Signatures and Perfect Crimes"</a> (PDF). Computers & Security. 11 (6): 581–583. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1016%2F0167-4048%2892%2990193-U">10.1016/0167-4048(92)90193-U</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:23153906">23153906</a>. Archived from <a rel="nofollow" class="external text" href="https://pdfs.semanticscholar.org/67bb/82e6981239270d644e60e8f868b4f0752126.pdf">the original</a> (PDF) on 26 October 2017. Retrieved 25 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computers+%26+Security&rft.atitle=On+Blind+%27Signatures+and+Perfect+Crimes&rft.volume=11&rft.issue=6&rft.pages=%3Cspan+class%3D%22nowrap%22%3E581-%3C%2Fspan%3E583&rft.date=1992&rft_id=info%3Adoi%2F10.1016%2F0167-4048%2892%2990193-U&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A23153906%23id-name%3DS2CID&rft.au=Sebastiaan+von+Solms&rft.au=David+Naccache&rft_id=https%3A%2F%2Fpdfs.semanticscholar.org%2F67bb%2F82e6981239270d644e60e8f868b4f0752126.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-vTgTO-33"><a href="#cite_ref-vTgTO_33-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSchaibly2005" class="citation web cs1">Schaibly, Susan (26 September 2005). <a rel="nofollow" class="external text" href="http://www.networkworld.com/buzz/2005/092605-ransom.html?page=3">"Files for ransom"</a>. <a href="/wiki/Network_World" class="mw-redirect" title="Network World">Network World</a>. Retrieved 17 April 2009.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Files+for+ransom&rft.pub=Network+World&rft.date=2005-09-26&rft.aulast=Schaibly&rft.aufirst=Susan&rft_id=http%3A%2F%2Fwww.networkworld.com%2Fbuzz%2F2005%2F092605-ransom.html%3Fpage%3D3&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Ts45J-34"><a href="#cite_ref-Ts45J_34-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLeyden2006" class="citation web cs1">Leyden, John (24 July 2006). <a rel="nofollow" class="external text" href="http://theregister.co.uk/2006/07/24/ransomware/">"Ransomware getting harder to break"</a>. The Register. Retrieved 18 April 2009.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Ransomware+getting+harder+to+break&rft.date=2006-07-24&rft.aulast=Leyden&rft.aufirst=John&rft_id=http%3A%2F%2Ftheregister.co.uk%2F2006%2F07%2F24%2Fransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-zdnet-2-35"><a href="#cite_ref-zdnet-2_35-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNaraine2008" class="citation news cs1">Naraine, Ryan (6 June 2008). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20080803000014/http://blogs.zdnet.com/security/?p=1251">"Blackmail ransomware returns with 1024-bit encryption key"</a>. <a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a>. Archived from <a rel="nofollow" class="external text" href="http://blogs.zdnet.com/security/?p=1251">the original</a> on 3 August 2008. Retrieved 3 May 2009.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ZDNet&rft.atitle=Blackmail+ransomware+returns+with+1024-bit+encryption+key&rft.date=2008-06-06&rft.aulast=Naraine&rft.aufirst=Ryan&rft_id=http%3A%2F%2Fblogs.zdnet.com%2Fsecurity%2F%3Fp%3D1251&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-securityfocus-36"><a href="#cite_ref-securityfocus_36-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLemos2008" class="citation web cs1">Lemos, Robert (13 June 2008). <a rel="nofollow" class="external text" href="http://www.securityfocus.com/news/11523">"Ransomware resisting crypto cracking efforts"</a>. <a href="/wiki/SecurityFocus" title="SecurityFocus">SecurityFocus</a>. Retrieved 18 April 2009.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Ransomware+resisting+crypto+cracking+efforts&rft.pub=SecurityFocus&rft.date=2008-06-13&rft.aulast=Lemos&rft.aufirst=Robert&rft_id=http%3A%2F%2Fwww.securityfocus.com%2Fnews%2F11523&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-washingtonpost-37"><a href="#cite_ref-washingtonpost_37-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKrebs2008" class="citation news cs1">Krebs, Brian (9 June 2008). <a rel="nofollow" class="external text" href="https://archive.today/20130205190138/http://voices.washingtonpost.com/securityfix/2008/06/ransomware_encrypts_victim_fil.html">"Ransomware Encrypts Victim Files with 1,024-Bit Key"</a>. <a href="/wiki/The_Washington_Post" title="The Washington Post">The Washington Post</a>. Archived from <a rel="nofollow" class="external text" href="http://voices.washingtonpost.com/securityfix/2008/06/ransomware_encrypts_victim_fil.html">the original</a> on 5 February 2013. Retrieved 16 April 2009.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Washington+Post&rft.atitle=Ransomware+Encrypts+Victim+Files+with+1%2C024-Bit+Key&rft.date=2008-06-09&rft.aulast=Krebs&rft.aufirst=Brian&rft_id=http%3A%2F%2Fvoices.washingtonpost.com%2Fsecurityfix%2F2008%2F06%2Fransomware_encrypts_victim_fil.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-kapersky-38"><a href="#cite_ref-kapersky_38-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.kaspersky.com/news?id=207575650">"Kaspersky Lab reports a new and dangerous blackmailing virus"</a>. <a href="/wiki/Kaspersky_Lab" title="Kaspersky Lab">Kaspersky Lab</a>. 5 June 2008. Retrieved 11 June 2008.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Kaspersky+Lab+reports+a+new+and+dangerous+blackmailing+virus&rft.pub=Kaspersky+Lab&rft.date=2008-06-05&rft_id=http%3A%2F%2Fwww.kaspersky.com%2Fnews%3Fid%3D207575650&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-zdnet-bitcoinprice-39"><a href="#cite_ref-zdnet-bitcoinprice_39-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFViolet_Blue2013" class="citation news cs1"><a href="/wiki/Violet_Blue" title="Violet Blue">Violet Blue</a> (22 December 2013). <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/cryptolockers-crimewave-a-trail-of-millions-in-laundered-bitcoin/">"CryptoLocker's crimewave: A trail of millions in laundered Bitcoin"</a>. <a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a>. Retrieved 23 December 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ZDNet&rft.atitle=CryptoLocker%27s+crimewave%3A+A+trail+of+millions+in+laundered+Bitcoin&rft.date=2013-12-22&rft.au=Violet+Blue&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fcryptolockers-crimewave-a-trail-of-millions-in-laundered-bitcoin%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcworld-torrentlocker-40">^ <a href="#cite_ref-pcworld-torrentlocker_40-0">a</a> <a href="#cite_ref-pcworld-torrentlocker_40-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.pcworld.com/article/2685432/encryption-goof-fixed-in-torrentlocker-filelocking-malware.html">"Encryption goof fixed in TorrentLocker file-locking malware"</a>. PC World. 17 September 2014. Retrieved 15 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=PC+World&rft.atitle=Encryption+goof+fixed+in+TorrentLocker+file-locking+malware&rft.date=2014-09-17&rft_id=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F2685432%2Fencryption-goof-fixed-in-torrentlocker-filelocking-malware.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-eset-cl2-41"><a href="#cite_ref-eset-cl2_41-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.welivesecurity.com/2013/12/19/cryptolocker-2-0-new-version-or-copycat/">"Cryptolocker 2.0 – new version, or copycat?"</a>. WeLiveSecurity. ESET. 19 December 2013. Retrieved 18 January 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=WeLiveSecurity&rft.atitle=Cryptolocker+2.0+%E2%80%93+new+version%2C+or+copycat%3F&rft.date=2013-12-19&rft_id=http%3A%2F%2Fwww.welivesecurity.com%2F2013%2F12%2F19%2Fcryptolocker-2-0-new-version-or-copycat%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tm-newcl-42"><a href="#cite_ref-tm-newcl_42-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20161104095631/http://blog.trendmicro.com/trendlabs-security-intelligence/new-cryptolocker-spreads-via-removable-drives/">"New CryptoLocker Spreads via Removable Drives"</a>. Trend Micro. 26 December 2013. Archived from <a rel="nofollow" class="external text" href="http://blog.trendmicro.com/trendlabs-security-intelligence/new-cryptolocker-spreads-via-removable-drives/">the original</a> on 4 November 2016. Retrieved 18 January 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=New+CryptoLocker+Spreads+via+Removable+Drives&rft.pub=Trend+Micro&rft.date=2013-12-26&rft_id=http%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Fnew-cryptolocker-spreads-via-removable-drives%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-extech-synologycrypto-43"><a href="#cite_ref-extech-synologycrypto_43-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20140819084648/http://www.extremetech.com/extreme/187518-synology-nas-devices-targeted-by-hackers-demand-bitcoin-ransom-to-decrypt-files">"Synology NAS devices targeted by hackers, demand Bitcoin ransom to decrypt files"</a>. ExtremeTech. Ziff Davis Media. Archived from <a rel="nofollow" class="external text" href="http://www.extremetech.com/extreme/187518-synology-nas-devices-targeted-by-hackers-demand-bitcoin-ransom-to-decrypt-files">the original</a> on 19 August 2014. Retrieved 18 August 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ExtremeTech&rft.atitle=Synology+NAS+devices+targeted+by+hackers%2C+demand+Bitcoin+ransom+to+decrypt+files&rft_id=http%3A%2F%2Fwww.extremetech.com%2Fextreme%2F187518-synology-nas-devices-targeted-by-hackers-demand-bitcoin-ransom-to-decrypt-files&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcworld-linuxrw-44"><a href="#cite_ref-pcworld-linuxrw_44-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.pcworld.com/article/3003098/business-security/file-encrypting-ransomware-starts-targeting-linux-web-servers.html">"File-encrypting ransomware starts targeting Linux web servers"</a>. PC World. IDG. 9 November 2015. Retrieved 31 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=PC+World&rft.atitle=File-encrypting+ransomware+starts+targeting+Linux+web+servers&rft.date=2015-11-09&rft_id=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F3003098%2Fbusiness-security%2Ffile-encrypting-ransomware-starts-targeting-linux-web-servers.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-sw-ransomweb-45"><a href="#cite_ref-sw-ransomweb_45-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20170420200205/http://www.securityweek.com/cybercriminals-encrypt-website-databases-%E2%80%9Cransomweb%E2%80%9D-attacks">"Cybercriminals Encrypt Website Databases in "RansomWeb" Attacks"</a>. SecurityWeek. Archived from <a rel="nofollow" class="external text" href="http://www.securityweek.com/cybercriminals-encrypt-website-databases-%E2%80%9Cransomweb%E2%80%9D-attacks">the original</a> on 20 April 2017. Retrieved 31 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SecurityWeek&rft.atitle=Cybercriminals+Encrypt+Website+Databases+in+%22RansomWeb%22+Attacks&rft_id=http%3A%2F%2Fwww.securityweek.com%2Fcybercriminals-encrypt-website-databases-%25E2%2580%259Cransomweb%25E2%2580%259D-attacks&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-guardian-ransomweb-46"><a href="#cite_ref-guardian-ransomweb_46-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2015/feb/03/hackers-websites-ransom-switching-encryption-keys">"Hackers holding websites to ransom by switching their encryption keys"</a>. <a href="/wiki/The_Guardian" title="The Guardian">The Guardian</a>. Retrieved 31 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=Hackers+holding+websites+to+ransom+by+switching+their+encryption+keys&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2015%2Ffeb%2F03%2Fhackers-websites-ransom-switching-encryption-keys&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-47"><a href="#cite_ref-47">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBurgess" class="citation magazine cs1">Burgess, Matt. <a rel="nofollow" class="external text" href="https://www.wired.com/story/costa-rica-ransomware-conti/">"Conti's Attack Against Costa Rica Sparks a New Ransomware Era"</a>. Wired. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1059-1028">1059-1028</a>. Retrieved 11 July 2024.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=Conti%27s+Attack+Against+Costa+Rica+Sparks+a+New+Ransomware+Era&rft.issn=1059-1028&rft.aulast=Burgess&rft.aufirst=Matt&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fcosta-rica-ransomware-conti%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-48"><a href="#cite_ref-48">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/technology-61323402">"President Rodrigo Chaves says Costa Rica is at war with Conti hackers"</a>. 18 May 2022. Retrieved 11 July 2024.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=President+Rodrigo+Chaves+says+Costa+Rica+is+at+war+with+Conti+hackers&rft.date=2022-05-18&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-61323402&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-EMEuQ-49"><a href="#cite_ref-EMEuQ_49-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blogs.technet.microsoft.com/mmpc/2016/10/19/the-new-lnk-between-spam-and-locky-infection/">"The new .LNK between spam and Locky infection"</a>. Blogs.technet.microsoft.com. 19 October 2016. Retrieved 25 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Blogs.technet.microsoft.com&rft.atitle=The+new+.LNK+between+spam+and+Locky+infection&rft.date=2016-10-19&rft_id=https%3A%2F%2Fblogs.technet.microsoft.com%2Fmmpc%2F2016%2F10%2F19%2Fthe-new-lnk-between-spam-and-locky-infection%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-J5eBn-50"><a href="#cite_ref-J5eBn_50-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMuncaster2016" class="citation web cs1">Muncaster, Phil (13 April 2016). <a rel="nofollow" class="external text" href="https://www.infosecurity-magazine.com/news/powershell-exploits-spotted-over/">"PowerShell Exploits Spotted in Over a Third of Attacks"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=PowerShell+Exploits+Spotted+in+Over+a+Third+of+Attacks&rft.date=2016-04-13&rft.aulast=Muncaster&rft.aufirst=Phil&rft_id=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fpowershell-exploits-spotted-over%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-guardian-tor-51"><a href="#cite_ref-guardian-tor_51-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2014/jul/25/new-ransomware-employs-tor-onion-malware">"New ransomware employs Tor to stay hidden from security"</a>. <a href="/wiki/The_Guardian" title="The Guardian">The Guardian</a>. Retrieved 31 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=New+ransomware+employs+Tor+to+stay+hidden+from+security&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2014%2Fjul%2F25%2Fnew-ransomware-employs-tor-onion-malware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-sophos-ctblocker-52">^ <a href="#cite_ref-sophos-ctblocker_52-0">a</a> <a href="#cite_ref-sophos-ctblocker_52-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blogs.sophos.com/2015/12/31/the-current-state-of-ransomware-ctb-locker/">"The current state of ransomware: CTB-Locker"</a>. Sophos Blog. Sophos. 31 December 2015. Retrieved 31 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Sophos+Blog&rft.atitle=The+current+state+of+ransomware%3A+CTB-Locker&rft.date=2015-12-31&rft_id=https%3A%2F%2Fblogs.sophos.com%2F2015%2F12%2F31%2Fthe-current-state-of-ransomware-ctb-locker%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-6muO1-53"><a href="#cite_ref-6muO1_53-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrook2015" class="citation news cs1">Brook, Chris (4 June 2015). <a rel="nofollow" class="external text" href="https://threatpost.com/author-behind-ransomware-tox-calls-it-quits-sells-platform/113151">"Author Behind Ransomware Tox Calls it Quits, Sells Platform"</a>. Retrieved 6 August 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Author+Behind+Ransomware+Tox+Calls+it+Quits%2C+Sells+Platform&rft.date=2015-06-04&rft.aulast=Brook&rft.aufirst=Chris&rft_id=https%3A%2F%2Fthreatpost.com%2Fauthor-behind-ransomware-tox-calls-it-quits-sells-platform%2F113151&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-KguUY-54"><a href="#cite_ref-KguUY_54-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDela_Paz2015" class="citation news cs1">Dela Paz, Roland (29 July 2015). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150802013442/http://blog.fortinet.com/post/encryptor-raas-yet-another-new-ransomware-as-a-service-on-the-block">"Encryptor RaaS: Yet another new Ransomware-as-a-Service on the Block"</a>. Archived from <a rel="nofollow" class="external text" href="http://blog.fortinet.com/post/encryptor-raas-yet-another-new-ransomware-as-a-service-on-the-block">the original</a> on 2 August 2015. Retrieved 6 August 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Encryptor+RaaS%3A+Yet+another+new+Ransomware-as-a-Service+on+the+Block&rft.date=2015-07-29&rft.aulast=Dela+Paz&rft.aufirst=Roland&rft_id=http%3A%2F%2Fblog.fortinet.com%2Fpost%2Fencryptor-raas-yet-another-new-ransomware-as-a-service-on-the-block&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-:0-55"><a href="#cite_ref-:0_55-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20170425065754/http://tech.firstpost.com/news-analysis/symantec-classifies-ransomware-as-the-most-dangerous-cyber-threat-336688.html">"Symantec classifies ransomware as the most dangerous cyber threat – Tech2"</a>. 22 September 2016. Archived from <a rel="nofollow" class="external text" href="http://tech.firstpost.com/news-analysis/symantec-classifies-ransomware-as-the-most-dangerous-cyber-threat-336688.html">the original</a> on 25 April 2017. Retrieved 22 September 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Symantec+classifies+ransomware+as+the+most+dangerous+cyber+threat+%E2%80%93+Tech2&rft.date=2016-09-22&rft_id=http%3A%2F%2Ftech.firstpost.com%2Fnews-analysis%2Fsymantec-classifies-ransomware-as-the-most-dangerous-cyber-threat-336688.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ibVGX-56"><a href="#cite_ref-ibVGX_56-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLeyden" class="citation web cs1">Leyden, John. <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2010/09/01/ransomware_trojan_suspects_cuffed/">"Russian cops cuff 10 ransomware Trojan suspects"</a>. The Register. Retrieved 10 March 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Russian+cops+cuff+10+ransomware+Trojan+suspects&rft.aulast=Leyden&rft.aufirst=John&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2010%2F09%2F01%2Fransomware_trojan_suspects_cuffed%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Gorman&McDonald-57">^ <a href="#cite_ref-Gorman&McDonald_57-0">a</a> <a href="#cite_ref-Gorman&McDonald_57-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFO'GormanMcDonald2012" class="citation cs2">O'Gorman, G.; McDonald, G. (2012), <a rel="nofollow" class="external text" href="https://www.01net.it/whitepaper_library/Symantec_Ransomware_Growing_Menace.pdf">Ransonmware: A Growing Menace</a> (PDF), Symantec Security Response, Symantec Corporation, retrieved 5 October 2019</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Ransonmware%3A+A+Growing+Menace&rft.series=Symantec+Security+Response&rft.pub=Symantec+Corporation&rft.date=2012&rft.aulast=O%27Gorman&rft.aufirst=G.&rft.au=McDonald%2C+G.&rft_id=https%3A%2F%2Fwww.01net.it%2Fwhitepaper_library%2FSymantec_Ransomware_Growing_Menace.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tnw-fakenudepics-58"><a href="#cite_ref-tnw-fakenudepics_58-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://thenextweb.com/insider/2013/02/07/criminals-push-ransomware-hosted-on-github-and-sourceforge-pages-by-spamming-fake-nude-pics-of-celebrities/">"Criminals push ransomware hosted on GitHub and SourceForge pages by spamming 'fake nude pics' of celebrities"</a>. TheNextWeb. 7 February 2013. Retrieved 17 July 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=TheNextWeb&rft.atitle=Criminals+push+ransomware+hosted+on+GitHub+and+SourceForge+pages+by+spamming+%27fake+nude+pics%27+of+celebrities&rft.date=2013-02-07&rft_id=https%3A%2F%2Fthenextweb.com%2Finsider%2F2013%2F02%2F07%2Fcriminals-push-ransomware-hosted-on-github-and-sourceforge-pages-by-spamming-fake-nude-pics-of-celebrities%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tnw-osxransom-59"><a href="#cite_ref-tnw-osxransom_59-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://thenextweb.com/apple/2013/07/16/new-os-x-malware-holds-macs-for-ransom-demands-300-fine-to-the-fbi-for-viewing-or-distributing-porn/">"New OS X malware holds Macs for ransom, demands $300 fine to the FBI for 'viewing or distributing' porn"</a>. TheNextWeb. 15 July 2013. Retrieved 17 July 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=TheNextWeb&rft.atitle=New+OS+X+malware+holds+Macs+for+ransom%2C+demands+%24300+fine+to+the+FBI+for+%27viewing+or+distributing%27+porn&rft.date=2013-07-15&rft_id=https%3A%2F%2Fthenextweb.com%2Fapple%2F2013%2F07%2F16%2Fnew-os-x-malware-holds-macs-for-ransom-demands-300-fine-to-the-fbi-for-viewing-or-distributing-porn%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ars-cpvirginia-60"><a href="#cite_ref-ars-cpvirginia_60-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://arstechnica.com/tech-policy/2013/07/man-gets-ransomware-porn-pop-up-turns-self-in-on-child-porn-charges/">"Man gets ransomware porn pop-up, goes to cops, gets arrested on child porn charges"</a>. Ars Technica. 26 July 2013. Retrieved 31 July 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Man+gets+ransomware+porn+pop-up%2C+goes+to+cops%2C+gets+arrested+on+child+porn+charges&rft.date=2013-07-26&rft_id=https%3A%2F%2Farstechnica.com%2Ftech-policy%2F2013%2F07%2Fman-gets-ransomware-porn-pop-up-turns-self-in-on-child-porn-charges%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-iaw2003-61"><a href="#cite_ref-iaw2003_61-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFYoung2003" class="citation conference cs1">Young, A. (2003). Non-Zero Sum Games and Survivable Malware. IEEE Systems, Man and Cybernetics Society Information Assurance Workshop. pp. 24–29.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=Non-Zero+Sum+Games+and+Survivable+Malware&rft.pages=%3Cspan+class%3D%22nowrap%22%3E24-%3C%2Fspan%3E29&rft.date=2003&rft.aulast=Young&rft.aufirst=A.&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-maliciouscrypto-62"><a href="#cite_ref-maliciouscrypto_62-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFA._Young,_M._Yung2004" class="citation book cs1">A. Young, <a href="/wiki/Moti_Yung" title="Moti Yung">M. Yung</a> (2004). Malicious Cryptography: Exposing Cryptovirology. Wiley. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-7645-4975-5" title="Special:BookSources/978-0-7645-4975-5"><bdi>978-0-7645-4975-5</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Malicious+Cryptography%3A+Exposing+Cryptovirology&rft.pub=Wiley&rft.date=2004&rft.isbn=978-0-7645-4975-5&rft.au=A.+Young%2C+M.+Yung&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-4z2LU-63"><a href="#cite_ref-4z2LU_63-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFArntz2020" class="citation web cs1">Arntz, Pieter (10 July 2020). <a rel="nofollow" class="external text" href="https://blog.malwarebytes.com/threat-spotlight/2020/07/threat-spotlight-wastedlocker-customized-ransomware/">"Threat spotlight: WastedLocker, customized ransomware"</a>. Malwarebytes Labs. Retrieved 27 July 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Malwarebytes+Labs&rft.atitle=Threat+spotlight%3A+WastedLocker%2C+customized+ransomware&rft.date=2020-07-10&rft.aulast=Arntz&rft.aufirst=Pieter&rft_id=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2020%2F07%2Fthreat-spotlight-wastedlocker-customized-ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-BPyEx-64"><a href="#cite_ref-BPyEx_64-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRicker2020" class="citation web cs1">Ricker, Thomas (27 July 2020). <a rel="nofollow" class="external text" href="https://www.theverge.com/2020/7/27/21339910/garmin-back-online-recovery-ransomeware">"Garmin confirms cyber attack as fitness tracking systems come back online"</a>. The Verge. Retrieved 27 July 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Verge&rft.atitle=Garmin+confirms+cyber+attack+as+fitness+tracking+systems+come+back+online&rft.date=2020-07-27&rft.aulast=Ricker&rft.aufirst=Thomas&rft_id=https%3A%2F%2Fwww.theverge.com%2F2020%2F7%2F27%2F21339910%2Fgarmin-back-online-recovery-ransomeware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-kapersky-androidrw-65">^ <a href="#cite_ref-kapersky-androidrw_65-0">a</a> <a href="#cite_ref-kapersky-androidrw_65-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.kaspersky.com/mobile-ransomware-2016/12491/">"Ransomware on mobile devices: knock-knock-block"</a>. Kaspersky Lab. 29 June 2016. Retrieved 6 December 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Kaspersky+Lab&rft.atitle=Ransomware+on+mobile+devices%3A+knock-knock-block&rft.date=2016-06-29&rft_id=https%3A%2F%2Fblog.kaspersky.com%2Fmobile-ransomware-2016%2F12491%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ars-androidransomware-66">^ <a href="#cite_ref-ars-androidransomware_66-0">a</a> <a href="#cite_ref-ars-androidransomware_66-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://arstechnica.com/security/2014/05/your-android-phone-viewed-illegal-porn-to-unlock-it-pay-a-300-fine/">"Your Android phone viewed illegal porn. To unlock it, pay a $300 fine"</a>. Ars Technica. 6 May 2014. Retrieved 9 April 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Your+Android+phone+viewed+illegal+porn.+To+unlock+it%2C+pay+a+%24300+fine&rft.date=2014-05-06&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2014%2F05%2Fyour-android-phone-viewed-illegal-porn-to-unlock-it-pay-a-300-fine%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcw-ransomwaredeviceadmin-67"><a href="#cite_ref-pcw-ransomwaredeviceadmin_67-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.pcworld.com/article/3027123/new-android-ransomware-uses-clickjacking-to-gain-admin-privileges.html">"New Android ransomware uses clickjacking to gain admin privileges"</a>. PC World. 27 January 2016. Retrieved 9 April 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=PC+World&rft.atitle=New+Android+ransomware+uses+clickjacking+to+gain+admin+privileges&rft.date=2016-01-27&rft_id=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F3027123%2Fnew-android-ransomware-uses-clickjacking-to-gain-admin-privileges.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-fortune-findmyiphonerw-68"><a href="#cite_ref-fortune-findmyiphonerw_68-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://fortune.com/2016/08/04/apple-iphone-ransomware/">"Here's How to Overcome Newly Discovered iPhone Ransomware"</a>. Fortune. Retrieved 9 April 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Fortune&rft.atitle=Here%27s+How+to+Overcome+Newly+Discovered+iPhone+Ransomware&rft_id=http%3A%2F%2Ffortune.com%2F2016%2F08%2F04%2Fapple-iphone-ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ars-iosransom-69"><a href="#cite_ref-ars-iosransom_69-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/">"Ransomware scammers exploited Safari bug to extort porn-viewing iOS users"</a>. Ars Technica. 28 March 2017. Retrieved 9 April 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Ransomware+scammers+exploited+Safari+bug+to+extort+porn-viewing+iOS+users&rft.date=2017-03-28&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2017%2F03%2Fransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-RoX2F-70"><a href="#cite_ref-RoX2F_70-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAl-Hawawrehden_HartogSitnikova2019" class="citation journal cs1">Al-Hawawreh, Muna; den Hartog, Frank; Sitnikova, Elena (2019). "Targeted Ransomware: A New Cyber Threat to Edge System of Brownfield Industrial Internet of Things". IEEE Internet of Things Journal. 6 (4): 7137–7151. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FJIOT.2019.2914390">10.1109/JIOT.2019.2914390</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:155469264">155469264</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Internet+of+Things+Journal&rft.atitle=Targeted+Ransomware%3A+A+New+Cyber+Threat+to+Edge+System+of+Brownfield+Industrial+Internet+of+Things&rft.volume=6&rft.issue=4&rft.pages=%3Cspan+class%3D%22nowrap%22%3E7137-%3C%2Fspan%3E7151&rft.date=2019&rft_id=info%3Adoi%2F10.1109%2FJIOT.2019.2914390&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A155469264%23id-name%3DS2CID&rft.aulast=Al-Hawawreh&rft.aufirst=Muna&rft.au=den+Hartog%2C+Frank&rft.au=Sitnikova%2C+Elena&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-hOd8r-71"><a href="#cite_ref-hOd8r_71-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPalmer" class="citation web cs1">Palmer, Danny. <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/this-is-how-ransomware-could-infect-your-digital-camera/">"This is how ransomware could infect your digital camera"</a>. ZDNet. Retrieved 13 August 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=This+is+how+ransomware+could+infect+your+digital+camera&rft.aulast=Palmer&rft.aufirst=Danny&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-is-how-ransomware-could-infect-your-digital-camera%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-X77eS-72"><a href="#cite_ref-X77eS_72-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRobeznieks2017" class="citation news cs1">Robeznieks, A. (2017). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170616193656/https://www.hfma.org/Content.aspx?id=54012">"Ransomware Turning Healthcare Cybersecurity Into a Patient Care Issue"</a>. Healthcare Business News. Healthcare Financial Management Association. Archived from <a rel="nofollow" class="external text" href="https://www.hfma.org/Content.aspx?id=54012">the original</a> on 16 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Healthcare+Business+News&rft.atitle=Ransomware+Turning+Healthcare+Cybersecurity+Into+a+Patient+Care+Issue&rft.date=2017&rft.aulast=Robeznieks&rft.aufirst=A.&rft_id=https%3A%2F%2Fwww.hfma.org%2FContent.aspx%3Fid%3D54012&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-TpWLZ-73"><a href="#cite_ref-TpWLZ_73-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHeater2016" class="citation cs2">Heater, Brian (13 April 2016), <a rel="nofollow" class="external text" href="http://www.cdsystems.com/docs/PcMagRansomware.pdf">"The Growing Threat of Ransomware"</a> (PDF), <a href="/wiki/PC_Magazine" class="mw-redirect" title="PC Magazine">PC Magazine</a>, retrieved 5 October 2019</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=PC+Magazine&rft.atitle=The+Growing+Threat+of+Ransomware&rft.date=2016-04-13&rft.aulast=Heater&rft.aufirst=Brian&rft_id=http%3A%2F%2Fwww.cdsystems.com%2Fdocs%2FPcMagRansomware.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-jARvz-74"><a href="#cite_ref-jARvz_74-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs2"><a rel="nofollow" class="external text" href="https://www.broadcom.com/support/security-center">"Activity begins to drop, but remains a challenge for organizations"</a>, Internet Security Threat Report (ISTR) 2019, vol. 24, Symantec Corporation, p. 16, 2019, retrieved 5 October 2019</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Internet+Security+Threat+Report+%28ISTR%29+2019&rft.atitle=Activity+begins+to+drop%2C+but+remains+a+challenge+for+organizations&rft.volume=24&rft.pages=16&rft.date=2019&rft_id=https%3A%2F%2Fwww.broadcom.com%2Fsupport%2Fsecurity-center&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-dudley-75"><a href="#cite_ref-dudley_75-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDudley2023" class="citation news cs1">Dudley, Renee (17 July 2023). <a rel="nofollow" class="external text" href="https://www.theguardian.com/commentisfree/2023/jul/17/ransomware-gangs-companies-cyber-crime-hackers">"Who are the ransomware gangs wreaking havoc on the world's biggest companies?"</a>. The Guardian.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=Who+are+the+ransomware+gangs+wreaking+havoc+on+the+world%27s+biggest+companies%3F&rft.date=2023-07-17&rft.aulast=Dudley&rft.aufirst=Renee&rft_id=https%3A%2F%2Fwww.theguardian.com%2Fcommentisfree%2F2023%2Fjul%2F17%2Fransomware-gangs-companies-cyber-crime-hackers&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-T4Y1I-76"><a href="#cite_ref-T4Y1I_76-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs2"><a rel="nofollow" class="external text" href="https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital/">First death reported following a ransomware attack on a German hospital</a>, <a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a>, retrieved 5 October 2020</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=First+death+reported+following+a+ransomware+attack+on+a+German+hospital&rft.pub=ZDNet&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Ffirst-death-reported-following-a-ransomware-attack-on-a-german-hospital%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-77"><a href="#cite_ref-77">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBeamanBarkworthAkandeHakak2021" class="citation journal cs1">Beaman, Craig; Barkworth, Ashley; Akande, Toluwalope David; Hakak, Saqib; Khan, Muhammad Khurram (1 December 2021). <a rel="nofollow" class="external text" href="https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8463105">"Ransomware: Recent advances, analysis, challenges and future research directions"</a>. Computers & Security. 111: 102490. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.cose.2021.102490">10.1016/j.cose.2021.102490</a>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0167-4048">0167-4048</a>. <a href="/wiki/PMC_(identifier)" class="mw-redirect" title="PMC (identifier)">PMC</a> <a rel="nofollow" class="external text" href="https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8463105">8463105</a>. <a href="/wiki/PMID_(identifier)" class="mw-redirect" title="PMID (identifier)">PMID</a> <a rel="nofollow" class="external text" href="https://pubmed.ncbi.nlm.nih.gov/34602684">34602684</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computers+%26+Security&rft.atitle=Ransomware%3A+Recent+advances%2C+analysis%2C+challenges+and+future+research+directions&rft.volume=111&rft.pages=102490&rft.date=2021-12-01&rft_id=https%3A%2F%2Fwww.ncbi.nlm.nih.gov%2Fpmc%2Farticles%2FPMC8463105%23id-name%3DPMC&rft.issn=0167-4048&rft_id=info%3Apmid%2F34602684&rft_id=info%3Adoi%2F10.1016%2Fj.cose.2021.102490&rft.aulast=Beaman&rft.aufirst=Craig&rft.au=Barkworth%2C+Ashley&rft.au=Akande%2C+Toluwalope+David&rft.au=Hakak%2C+Saqib&rft.au=Khan%2C+Muhammad+Khurram&rft_id=https%3A%2F%2Fwww.ncbi.nlm.nih.gov%2Fpmc%2Farticles%2FPMC8463105&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-milmo-78">^ <a href="#cite_ref-milmo_78-0">a</a> <a href="#cite_ref-milmo_78-1">b</a> <a href="#cite_ref-milmo_78-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMilmo2025" class="citation news cs1">Milmo, Dan (5 February 2025). <a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2025/feb/05/global-ransomware-payments-plunge-by-a-third-amid-crackdown">"Global ransomware payments plunge by a third amid crackdown"</a>. The Guardian.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=Global+ransomware+payments+plunge+by+a+third+amid+crackdown&rft.date=2025-02-05&rft.aulast=Milmo&rft.aufirst=Dan&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2025%2Ffeb%2F05%2Fglobal-ransomware-payments-plunge-by-a-third-amid-crackdown&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-thejournal-policetrojam-79"><a href="#cite_ref-thejournal-policetrojam_79-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.thejournal.ie/gardai-garda-police-trojan-scam-virus-logo-locking-488837-Jun2012/">"Gardaí warn of 'Police Trojan' computer locking virus"</a>. TheJournal.ie. 15 June 2012. Retrieved 31 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=TheJournal.ie&rft.atitle=Garda%C3%AD+warn+of+%27Police+Trojan%27+computer+locking+virus&rft.date=2012-06-15&rft_id=http%3A%2F%2Fwww.thejournal.ie%2Fgardai-garda-police-trojan-scam-virus-logo-locking-488837-Jun2012%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-KZgG4-80"><a href="#cite_ref-KZgG4_80-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.thebarrieexaminer.com/2013/03/07/barrie-computer-expert-seeing-an-increase-in-the-effects-of-the-new-ransomware">"Barrie computer expert seeing an increase in the effects of the new ransomware"</a>. Barrie Examiner. Postmedia Network. Retrieved 31 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Barrie+Examiner&rft.atitle=Barrie+computer+expert+seeing+an+increase+in+the+effects+of+the+new+ransomware&rft_id=http%3A%2F%2Fwww.thebarrieexaminer.com%2F2013%2F03%2F07%2Fbarrie-computer-expert-seeing-an-increase-in-the-effects-of-the-new-ransomware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-reg-reve-81"><a href="#cite_ref-reg-reve_81-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2012/04/05/police_themed_ransomware/">"Fake cop Trojan 'detects offensive materials' on PCs, demands money"</a>. The Register. Retrieved 15 August 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Fake+cop+Trojan+%27detects+offensive+materials%27+on+PCs%2C+demands+money&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2012%2F04%2F05%2Fpolice_themed_ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-iw-fbi-82">^ <a href="#cite_ref-iw-fbi_82-0">a</a> <a href="#cite_ref-iw-fbi_82-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation magazine cs1"><a rel="nofollow" class="external text" href="http://www.informationweek.com/security/attacks/reveton-malware-freezes-pcs-demands-paym/240005598">"Reveton Malware Freezes PCs, Demands Payment"</a>. InformationWeek. Retrieved 16 August 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=InformationWeek&rft.atitle=Reveton+Malware+Freezes+PCs%2C+Demands+Payment&rft_id=http%3A%2F%2Fwww.informationweek.com%2Fsecurity%2Fattacks%2Freveton-malware-freezes-pcs-demands-paym%2F240005598&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tw-pecu-83"><a href="#cite_ref-tw-pecu_83-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDunn" class="citation web cs1">Dunn, John E. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140702202942/http://news.techworld.com/security/3373656/police-issue-alert-after-ransom-trojan-infects-1100-pcs/">"Police alert after ransom Trojan locks up 1,100 PCs"</a>. TechWorld. Archived from <a rel="nofollow" class="external text" href="http://news.techworld.com/security/3373656/police-issue-alert-after-ransom-trojan-infects-1100-pcs/">the original</a> on 2 July 2014. Retrieved 16 August 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Police+alert+after+ransom+Trojan+locks+up+1%2C100+PCs&rft.pub=TechWorld&rft.aulast=Dunn&rft.aufirst=John+E.&rft_id=http%3A%2F%2Fnews.techworld.com%2Fsecurity%2F3373656%2Fpolice-issue-alert-after-ransom-trojan-infects-1100-pcs%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcw-canusa-84"><a href="#cite_ref-pcw-canusa_84-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFConstantian2012" class="citation magazine cs1">Constantian, Lucian (9 May 2012). <a rel="nofollow" class="external text" href="https://www.pcworld.com/article/255303/policethemed_ransomware_starts_targeting_us_and_canadian_users.html">"Police-themed Ransomware Starts Targeting US and Canadian Users"</a>. PC World. Retrieved 11 May 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=PC+World&rft.atitle=Police-themed+Ransomware+Starts+Targeting+US+and+Canadian+Users&rft.date=2012-05-09&rft.aulast=Constantian&rft.aufirst=Lucian&rft_id=https%3A%2F%2Fwww.pcworld.com%2Farticle%2F255303%2Fpolicethemed_ransomware_starts_targeting_us_and_canadian_users.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tw-revetonarrest-85"><a href="#cite_ref-tw-revetonarrest_85-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20141214021849/http://news.techworld.com/security/3426085/reveton-police-ransom-malware-gang-head-arrested-in-dubai/">"Reveton 'police ransom' malware gang head arrested in Dubai"</a>. TechWorld. Archived from <a rel="nofollow" class="external text" href="http://news.techworld.com/security/3426085/reveton-police-ransom-malware-gang-head-arrested-in-dubai/">the original</a> on 14 December 2014. Retrieved 18 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=TechWorld&rft.atitle=Reveton+%27police+ransom%27+malware+gang+head+arrested+in+Dubai&rft_id=http%3A%2F%2Fnews.techworld.com%2Fsecurity%2F3426085%2Freveton-police-ransom-malware-gang-head-arrested-in-dubai%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcw-revetonupgrade-86"><a href="#cite_ref-pcw-revetonupgrade_86-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.pcworld.com/article/2466980/reveton-ransomware-upgraded-with-powerful-password-stealer.html">"'Reveton' ransomware upgraded with powerful password stealer"</a>. PC World. 19 August 2014. Retrieved 18 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=PC+World&rft.atitle=%27Reveton%27+ransomware+upgraded+with+powerful+password+stealer&rft.date=2014-08-19&rft_id=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F2466980%2Freveton-ransomware-upgraded-with-powerful-password-stealer.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-geek-cryptolocker-87"><a href="#cite_ref-geek-cryptolocker_87-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20161104045318/http://www.geek.com/apps/disk-encryptiing-cryptolocker-malware-demands-300-to-decrypt-your-files-1570402/">"Disk encrypting Cryptolocker malware demands $300 to decrypt your files"</a>. Geek.com. 11 September 2013. Archived from <a rel="nofollow" class="external text" href="http://www.geek.com/apps/disk-encryptiing-cryptolocker-malware-demands-300-to-decrypt-your-files-1570402/">the original</a> on 4 November 2016. Retrieved 12 September 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Geek.com&rft.atitle=Disk+encrypting+Cryptolocker+malware+demands+%24300+to+decrypt+your+files&rft.date=2013-09-11&rft_id=http%3A%2F%2Fwww.geek.com%2Fapps%2Fdisk-encryptiing-cryptolocker-malware-demands-300-to-decrypt-your-files-1570402%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-guardian-cryptolocker-88"><a href="#cite_ref-guardian-cryptolocker_88-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFerguson2013" class="citation news cs1">Ferguson, Donna (19 October 2013). <a rel="nofollow" class="external text" href="https://www.theguardian.com/money/2013/oct/19/cryptolocker-attacks-computer-ransomeware">"CryptoLocker attacks that hold your computer to ransom"</a>. The Guardian. Retrieved 23 October 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=CryptoLocker+attacks+that+hold+your+computer+to+ransom&rft.date=2013-10-19&rft.aulast=Ferguson&rft.aufirst=Donna&rft_id=https%3A%2F%2Fwww.theguardian.com%2Fmoney%2F2013%2Foct%2F19%2Fcryptolocker-attacks-computer-ransomeware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-sophos-cryptolocker-89"><a href="#cite_ref-sophos-cryptolocker_89-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/">"Destructive malware "CryptoLocker" on the loose – here's what to do"</a>. Naked Security. Sophos. 12 October 2013. Retrieved 23 October 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Naked+Security&rft.atitle=Destructive+malware+%22CryptoLocker%22+on+the+loose+%E2%80%93+here%27s+what+to+do&rft.date=2013-10-12&rft_id=http%3A%2F%2Fnakedsecurity.sophos.com%2F2013%2F10%2F12%2Fdestructive-malware-cryptolocker-on-the-loose%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-nw-cryptolockersecondchance-90"><a href="#cite_ref-nw-cryptolockersecondchance_90-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20131105175934/http://www.networkworld.com/community/node/84174">"CryptoLocker crooks charge 10 Bitcoins for second-chance decryption service"</a>. NetworkWorld. 4 November 2013. Archived from <a rel="nofollow" class="external text" href="http://www.networkworld.com/community/node/84174">the original</a> on 5 November 2013. Retrieved 5 November 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=NetworkWorld&rft.atitle=CryptoLocker+crooks+charge+10+Bitcoins+for+second-chance+decryption+service&rft.date=2013-11-04&rft_id=http%3A%2F%2Fwww.networkworld.com%2Fcommunity%2Fnode%2F84174&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcw-moremoney-91"><a href="#cite_ref-pcw-moremoney_91-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.pcworld.com/article/2060640/cryptolocker-creators-try-to-extort-even-more-money-from-victims-with-new-service.html">"CryptoLocker creators try to extort even more money from victims with new service"</a>. PC World. 4 November 2013. Retrieved 5 November 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=PC+World&rft.atitle=CryptoLocker+creators+try+to+extort+even+more+money+from+victims+with+new+service&rft.date=2013-11-04&rft_id=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F2060640%2Fcryptolocker-creators-try-to-extort-even-more-money-from-victims-with-new-service.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cw-whambam-92"><a href="#cite_ref-cw-whambam_92-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20140703092912/http://blogs.computerworld.com/cybercrime-and-hacking/23980/wham-bam-global-operation-tovar-whacks-cryptolocker-ransomware-gameover-zeus-botnet">"Wham bam: Global Operation Tovar whacks CryptoLocker ransomware & GameOver Zeus botnet"</a>. Computerworld. IDG. Archived from <a rel="nofollow" class="external text" href="http://blogs.computerworld.com/cybercrime-and-hacking/23980/wham-bam-global-operation-tovar-whacks-cryptolocker-ransomware-gameover-zeus-botnet">the original</a> on 3 July 2014. Retrieved 18 August 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computerworld&rft.atitle=Wham+bam%3A+Global+Operation+Tovar+whacks+CryptoLocker+ransomware+%26+GameOver+Zeus+botnet&rft_id=http%3A%2F%2Fblogs.computerworld.com%2Fcybercrime-and-hacking%2F23980%2Fwham-bam-global-operation-tovar-whacks-cryptolocker-ransomware-gameover-zeus-botnet&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-doj-takedown-93"><a href="#cite_ref-doj-takedown_93-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.justice.gov/opa/pr/2014/June/14-crm-584.html">"U.S. Leads Multi-National Action Against "Gameover Zeus" Botnet and "Cryptolocker" Ransomware, Charges Botnet Administrator"</a>. Justice.gov. U.S. Department of Justice. Retrieved 18 August 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Justice.gov&rft.atitle=U.S.+Leads+Multi-National+Action+Against+%22Gameover+Zeus%22+Botnet+and+%22Cryptolocker%22+Ransomware%2C+Charges+Botnet+Administrator&rft_id=https%3A%2F%2Fwww.justice.gov%2Fopa%2Fpr%2F2014%2FJune%2F14-crm-584.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-symantec-aus-94"><a href="#cite_ref-symantec-aus_94-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=c878f0a5-5416-46ca-8a73-8889a53cff2f&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments">"Australians increasingly hit by global tide of cryptomalware"</a>. Symantec. Retrieved 15 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Australians+increasingly+hit+by+global+tide+of+cryptomalware&rft.pub=Symantec&rft_id=https%3A%2F%2Fcommunity.broadcom.com%2Fsymantecenterprise%2Fcommunities%2Fcommunity-home%2Flibrarydocuments%2Fviewdocument%3FDocumentKey%3Dc878f0a5-5416-46ca-8a73-8889a53cff2f%26CommunityKey%3D1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68%26tab%3Dlibrarydocuments&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-smh-lockup-95"><a href="#cite_ref-smh-lockup_95-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGrubb2014" class="citation news cs1">Grubb, Ben (17 September 2014). <a rel="nofollow" class="external text" href="https://www.smh.com.au/it-pro/security-it/hackers-lock-up-thousands-of-australian-computers-demand-ransom-20140917-10hyyh.html">"Hackers lock up thousands of Australian computers, demand ransom"</a>. Sydney Morning Herald. Retrieved 15 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Sydney+Morning+Herald&rft.atitle=Hackers+lock+up+thousands+of+Australian+computers%2C+demand+ransom&rft.date=2014-09-17&rft.aulast=Grubb&rft.aufirst=Ben&rft_id=https%3A%2F%2Fwww.smh.com.au%2Fit-pro%2Fsecurity-it%2Fhackers-lock-up-thousands-of-australian-computers-demand-ransom-20140917-10hyyh.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-arn-cryptolockerf-96"><a href="#cite_ref-arn-cryptolockerf_96-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://www.arnnet.com.au/article/556598/australia-specifically-targeted-by-cryptolocker-symantec/">"Australia specifically targeted by Cryptolocker: Symantec"</a>. ARNnet. 3 October 2014. Retrieved 15 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ARNnet&rft.atitle=Australia+specifically+targeted+by+Cryptolocker%3A+Symantec&rft.date=2014-10-03&rft_id=http%3A%2F%2Fwww.arnnet.com.au%2Farticle%2F556598%2Faustralia-specifically-targeted-by-cryptolocker-symantec%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-smh-cryptowall-97"><a href="#cite_ref-smh-cryptowall_97-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.smh.com.au/digital-life/consumer-security/scammers-use-australia-post-to-mask-email-attacks-20141015-10ru0s.html">"Scammers use Australia Post to mask email attacks"</a>. Sydney Morning Herald. 15 October 2014. Retrieved 15 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Sydney+Morning+Herald&rft.atitle=Scammers+use+Australia+Post+to+mask+email+attacks&rft.date=2014-10-15&rft_id=https%3A%2F%2Fwww.smh.com.au%2Fdigital-life%2Fconsumer-security%2Fscammers-use-australia-post-to-mask-email-attacks-20141015-10ru0s.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cso-abcnews24-98"><a href="#cite_ref-cso-abcnews24_98-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSteve_Ragan2014" class="citation web cs1">Steve Ragan (7 October 2014). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20161012223059/http://www.csoonline.com/article/2692614/malware-cybercrime/ransomware-attack-knocks-tv-station-off-air.html">"Ransomware attack knocks TV station off air"</a>. CSO. Archived from <a rel="nofollow" class="external text" href="http://www.csoonline.com/article/2692614/malware-cybercrime/ransomware-attack-knocks-tv-station-off-air.html">the original</a> on 12 October 2016. Retrieved 15 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CSO&rft.atitle=Ransomware+attack+knocks+TV+station+off+air&rft.date=2014-10-07&rft.au=Steve+Ragan&rft_id=http%3A%2F%2Fwww.csoonline.com%2Farticle%2F2692614%2Fmalware-cybercrime%2Fransomware-attack-knocks-tv-station-off-air.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cso-torrentlocker-99"><a href="#cite_ref-cso-torrentlocker_99-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.cso.com.au/article/562658/over-9-000-pcs-australia-infected-by-torrentlocker-ransomware/">"Over 9,000 PCs in Australia infected by TorrentLocker ransomware"</a>. CSO.com.au. 17 December 2014. Retrieved 18 December 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CSO.com.au&rft.atitle=Over+9%2C000+PCs+in+Australia+infected+by+TorrentLocker+ransomware&rft.date=2014-12-17&rft_id=http%3A%2F%2Fwww.cso.com.au%2Farticle%2F562658%2Fover-9-000-pcs-australia-infected-by-torrentlocker-ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pcw-signedcryptowall-100"><a href="#cite_ref-pcw-signedcryptowall_100-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.pcworld.com/article/2688992/malvertising-campaign-delivers-digitally-signed-cryptowall-ransomware.html">"Malvertising campaign delivers digitally signed CryptoWall ransomware"</a>. PC World. 29 September 2014. Retrieved 25 June 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=PC+World&rft.atitle=Malvertising+campaign+delivers+digitally+signed+CryptoWall+ransomware&rft.date=2014-09-29&rft_id=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F2688992%2Fmalvertising-campaign-delivers-digitally-signed-cryptowall-ransomware.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-tm-cw3-101"><a href="#cite_ref-tm-cw3_101-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://blog.trendmicro.com/trendlabs-security-intelligence/cryptowall-3-0-ransomware-partners-with-fareit-spyware/">"CryptoWall 3.0 Ransomware Partners With FAREIT Spyware"</a>. Trend Micro. 20 March 2015. Retrieved 25 June 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=CryptoWall+3.0+Ransomware+Partners+With+FAREIT+Spyware&rft.pub=Trend+Micro&rft.date=2015-03-20&rft_id=http%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Fcryptowall-3-0-ransomware-partners-with-fareit-spyware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-heimdal-102"><a href="#cite_ref-heimdal_102-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAndra_Zaharia2015" class="citation web cs1">Andra Zaharia (5 November 2015). <a rel="nofollow" class="external text" href="https://heimdalsecurity.com/blog/security-alert-cryptowall-4-0-new-enhanced-and-more-difficult-to-detect/">"Security Alert: CryptoWall 4.0 – new, enhanced and more difficult to detect"</a>. HEIMDAL. Retrieved 5 January 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=HEIMDAL&rft.atitle=Security+Alert%3A+CryptoWall+4.0+%E2%80%93+new%2C+enhanced+and+more+difficult+to+detect&rft.date=2015-11-05&rft.au=Andra+Zaharia&rft_id=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fsecurity-alert-cryptowall-4-0-new-enhanced-and-more-difficult-to-detect%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-arAhb-103"><a href="#cite_ref-arAhb_103-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.kaspersky.com/mobile-ransomware-2016/12491/">"Ransomware on mobile devices: knock-knock-block"</a>. Kaspersky Lab. 29 June 2016. Retrieved 4 December 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Kaspersky+Lab&rft.atitle=Ransomware+on+mobile+devices%3A+knock-knock-block&rft.date=2016-06-29&rft_id=https%3A%2F%2Fblog.kaspersky.com%2Fmobile-ransomware-2016%2F12491%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-GQudC-104"><a href="#cite_ref-GQudC_104-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.avast.com/the-evolution-of-mobile-ransomware">"The evolution of mobile ransomware"</a>. Avast. Retrieved 4 December 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Avast&rft.atitle=The+evolution+of+mobile+ransomware&rft_id=https%3A%2F%2Fblog.avast.com%2Fthe-evolution-of-mobile-ransomware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-875Bv-105"><a href="#cite_ref-875Bv_105-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.pcworld.com/article/3090049/security/mobile-ransomware-use-jumps-blocking-access-to-phones.html">"Mobile ransomware use jumps, blocking access to phones"</a>. PCWorld. IDG Consumer & SMB. 30 June 2016. Retrieved 4 December 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=PCWorld&rft.atitle=Mobile+ransomware+use+jumps%2C+blocking+access+to+phones&rft.date=2016-06-30&rft_id=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F3090049%2Fsecurity%2Fmobile-ransomware-use-jumps-blocking-access-to-phones.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-:3-106"><a href="#cite_ref-:3_106-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/world-europe-39907965">"Cyber-attack: Europol says it was unprecedented in scale"</a>. BBC News. 13 May 2017. Retrieved 13 May 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=Cyber-attack%3A+Europol+says+it+was+unprecedented+in+scale&rft.date=2017-05-13&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Fworld-europe-39907965&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cnbc1-107"><a href="#cite_ref-cnbc1_107-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20170515024912/https://www.cnbc.com/2017/05/14/cyber-attack-hits-200000-in-at-least-150-countries-europol.html">"'Unprecedented' cyberattack hits 200,000 in at least 150 countries, and the threat is escalating"</a>. CNBC. 14 May 2017. Archived from <a rel="nofollow" class="external text" href="https://www.cnbc.com/2017/05/14/cyber-attack-hits-200000-in-at-least-150-countries-europol.html">the original</a> on 15 May 2017. Retrieved 16 May 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=%27Unprecedented%27+cyberattack+hits+200%2C000+in+at+least+150+countries%2C+and+the+threat+is+escalating&rft.pub=CNBC&rft.date=2017-05-14&rft_id=https%3A%2F%2Fwww.cnbc.com%2F2017%2F05%2F14%2Fcyber-attack-hits-200000-in-at-least-150-countries-europol.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-XdMPF-108"><a href="#cite_ref-XdMPF_108-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.cnet.com/news/wannacry-ransomware-real-victim-small-business-local-corner-store/">"The real victim of ransomware: Your local corner store"</a>. CNET. Retrieved 22 May 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=CNET&rft.atitle=The+real+victim+of+ransomware%3A+Your+local+corner+store&rft_id=https%3A%2F%2Fwww.cnet.com%2Fnews%2Fwannacry-ransomware-real-victim-small-business-local-corner-store%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-SR6W5-109"><a href="#cite_ref-SR6W5_109-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMarsh2017" class="citation news cs1">Marsh, Sarah (12 May 2017). <a rel="nofollow" class="external text" href="https://www.theguardian.com/society/2017/may/12/global-cyber-attack-nhs-trusts-malware">"The NHS trusts hit by malware – full list"</a>. <a href="/wiki/The_Guardian" title="The Guardian">The Guardian</a>. Retrieved 12 May 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=The+NHS+trusts+hit+by+malware+%E2%80%93+full+list&rft.date=2017-05-12&rft.aulast=Marsh&rft.aufirst=Sarah&rft_id=https%3A%2F%2Fwww.theguardian.com%2Fsociety%2F2017%2Fmay%2F12%2Fglobal-cyber-attack-nhs-trusts-malware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-QH5LF-110"><a href="#cite_ref-QH5LF_110-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.reuters.com/article/us-honda-cyberattack-idUSKBN19C0EI">"Honda halts Japan car plant after WannaCry virus hits computer network"</a>. Reuters. 21 June 2017. Retrieved 21 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Reuters&rft.atitle=Honda+halts+Japan+car+plant+after+WannaCry+virus+hits+computer+network&rft.date=2017-06-21&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-honda-cyberattack-idUSKBN19C0EI&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pUvxl-111"><a href="#cite_ref-pUvxl_111-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.wthr.com/article/news/world/the-latest-russian-interior-ministry-is-hit-by-cyberattack-0/531-887e72b5-1310-48a2-ac46-ec9a3da10515">"The Latest: Russian Interior Ministry is hit by cyberattack"</a>. <a href="/wiki/WTHR" title="WTHR">WTHR</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=WTHR&rft.atitle=The+Latest%3A+Russian+Interior+Ministry+is+hit+by+cyberattack&rft_id=https%3A%2F%2Fwww.wthr.com%2Farticle%2Fnews%2Fworld%2Fthe-latest-russian-interior-ministry-is-hit-by-cyberattack-0%2F531-887e72b5-1310-48a2-ac46-ec9a3da10515&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-vgdfz-112"><a href="#cite_ref-vgdfz_112-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFScottGoel2017" class="citation news cs1">Scott, Paul Mozur, Mark; Goel, Vindu (19 May 2017). <a rel="nofollow" class="external text" href="https://www.nytimes.com/2017/05/19/business/hacking-malware-wanncry-ransomware-deadline.html">"Victims Call Hackers' Bluff as Ransomware Deadline Nears"</a>. The New York Times. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0362-4331">0362-4331</a>. Retrieved 22 May 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+New+York+Times&rft.atitle=Victims+Call+Hackers%27+Bluff+as+Ransomware+Deadline+Nears&rft.date=2017-05-19&rft.issn=0362-4331&rft.aulast=Scott&rft.aufirst=Paul+Mozur%2C+Mark&rft.au=Goel%2C+Vindu&rft_id=https%3A%2F%2Fwww.nytimes.com%2F2017%2F05%2F19%2Fbusiness%2Fhacking-malware-wanncry-ransomware-deadline.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"><code class="cs1-code">{{<a href="/wiki/Template:Cite_news" title="Template:Cite news">cite news</a>}}</code>: CS1 maint: multiple names: authors list (<a href="/wiki/Category:CS1_maint:_multiple_names:_authors_list" title="Category:CS1 maint: multiple names: authors list">link</a>) </li> <li id="cite_note-nw-petyadouble-113"><a href="#cite_ref-nw-petyadouble_113-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFConstantin" class="citation news cs1">Constantin, Lucian. <a rel="nofollow" class="external text" href="http://www.networkworld.com/article/3069990/petya-ransomware-is-now-double-the-trouble.html">"Petya ransomware is now double the trouble"</a>. NetworkWorld. Retrieved 27 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=NetworkWorld&rft.atitle=Petya+ransomware+is+now+double+the+trouble&rft.aulast=Constantin&rft.aufirst=Lucian&rft_id=http%3A%2F%2Fwww.networkworld.com%2Farticle%2F3069990%2Fpetya-ransomware-is-now-double-the-trouble.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pj7dV-114"><a href="#cite_ref-pj7dV_114-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.safetydetective.com/blog/ransomware-statistics/">"Ransomware Statistics for 2018 | Safety Detective"</a>. Safety Detective. 23 October 2018. Retrieved 20 November 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Safety+Detective&rft.atitle=Ransomware+Statistics+for+2018+%7C+Safety+Detective&rft.date=2018-10-23&rft_id=https%3A%2F%2Fwww.safetydetective.com%2Fblog%2Fransomware-statistics%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ars-wiper-115"><a href="#cite_ref-ars-wiper_115-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/">"Tuesday's massive ransomware outbreak was, in fact, something much worse"</a>. Ars Technica. 28 June 2017. Retrieved 28 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Tuesday%27s+massive+ransomware+outbreak+was%2C+in+fact%2C+something+much+worse&rft.date=2017-06-28&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2017%2F06%2Fpetya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-BBCPMdc-116"><a href="#cite_ref-BBCPMdc_116-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/technology-40442578">"Cyber-attack was about data and not money, say experts"</a>. BBC News. 29 June 2017. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=Cyber-attack+was+about+data+and+not+money%2C+say+experts&rft.date=2017-06-29&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-40442578&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-s0U5I-117"><a href="#cite_ref-s0U5I_117-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/technology-41740768">"'Bad Rabbit' ransomware strikes Ukraine and Russia"</a>. <a href="/wiki/BBC" title="BBC">BBC</a>. 24 October 2017. Retrieved 24 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=BBC&rft.atitle=%27Bad+Rabbit%27+ransomware+strikes+Ukraine+and+Russia&rft.date=2017-10-24&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-41740768&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-x5Sa9-118"><a href="#cite_ref-x5Sa9_118-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHern2017" class="citation web cs1">Hern, Alex (25 October 2017). <a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2017/oct/25/bad-rabbit-game-of-thrones-ransomware-europe-notpetya-bitcoin-decryption-key">"Bad Rabbit: Game of Thrones-referencing ransomware hits Europe"</a>. Theguardian.com. Retrieved 25 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Theguardian.com&rft.atitle=Bad+Rabbit%3A+Game+of+Thrones-referencing+ransomware+hits+Europe&rft.date=2017-10-25&rft.aulast=Hern&rft.aufirst=Alex&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2017%2Foct%2F25%2Fbad-rabbit-game-of-thrones-ransomware-europe-notpetya-bitcoin-decryption-key&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-cnn_badrabbit-119">^ <a href="#cite_ref-cnn_badrabbit_119-0">a</a> <a href="#cite_ref-cnn_badrabbit_119-1">b</a> <a href="#cite_ref-cnn_badrabbit_119-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLarson2017" class="citation web cs1">Larson, Selena (25 October 2017). <a rel="nofollow" class="external text" href="https://money.cnn.com/2017/10/24/technology/bad-rabbit-ransomware-attack/index.html">"New ransomware attack hits Russia and spreads around globe"</a>. <a href="/wiki/CNN" title="CNN">CNN</a>. Retrieved 25 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CNN&rft.atitle=New+ransomware+attack+hits+Russia+and+spreads+around+globe&rft.date=2017-10-25&rft.aulast=Larson&rft.aufirst=Selena&rft_id=https%3A%2F%2Fmoney.cnn.com%2F2017%2F10%2F24%2Ftechnology%2Fbad-rabbit-ransomware-attack%2Findex.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ExXCs-120"><a href="#cite_ref-ExXCs_120-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/">"BadRabbit: a closer look at the new version of Petya/NotPetya"</a>. Malwarebytes Labs. 24 October 2017. Retrieved 31 July 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Malwarebytes+Labs&rft.atitle=BadRabbit%3A+a+closer+look+at+the+new+version+of+Petya%2FNotPetya&rft.date=2017-10-24&rft_id=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2017%2F10%2Fbadrabbit-closer-look-new-version-petyanotpetya%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-8uHtf-121"><a href="#cite_ref-8uHtf_121-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPalmer" class="citation web cs1">Palmer, Danny. <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/">"Bad Rabbit: Ten things you need to know about the latest ransomware outbreak"</a>. ZDNet. Retrieved 31 July 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=Bad+Rabbit%3A+Ten+things+you+need+to+know+about+the+latest+ransomware+outbreak&rft.aulast=Palmer&rft.aufirst=Danny&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fbad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-9xGE6-122"><a href="#cite_ref-9xGE6_122-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCameron2017" class="citation web cs1">Cameron, Dell (24 October 2017). <a rel="nofollow" class="external text" href="https://gizmodo.com/bad-rabbit-ransomware-strikes-russia-and-ukraine-1819814538">"'Bad Rabbit' Ransomware Strikes Russia and Ukraine"</a>. <a href="/wiki/Gizmodo" title="Gizmodo">Gizmodo</a>. Retrieved 24 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Gizmodo&rft.atitle=%27Bad+Rabbit%27+Ransomware+Strikes+Russia+and+Ukraine&rft.date=2017-10-24&rft.aulast=Cameron&rft.aufirst=Dell&rft_id=https%3A%2F%2Fgizmodo.com%2Fbad-rabbit-ransomware-strikes-russia-and-ukraine-1819814538&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-5B1fR-123"><a href="#cite_ref-5B1fR_123-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPalmer2017" class="citation web cs1">Palmer, Danny (24 October 2017). <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/bad-rabbit-ransomware-a-new-variant-of-petya-is-spreading-warn-researchers/">"Bad Rabbit ransomware: A new variant of Petya is spreading, warn researchers"</a>. <a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a>. Retrieved 24 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=Bad+Rabbit+ransomware%3A+A+new+variant+of+Petya+is+spreading%2C+warn+researchers&rft.date=2017-10-24&rft.aulast=Palmer&rft.aufirst=Danny&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fbad-rabbit-ransomware-a-new-variant-of-petya-is-spreading-warn-researchers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-B7U50-124"><a href="#cite_ref-B7U50_124-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRashid2016" class="citation web cs1">Rashid, Fahmida Y. (19 April 2016). <a rel="nofollow" class="external text" href="https://www.infoworld.com/article/3058254/security/patch-jboss-now-to-prevent-samsam-ransomware-attacks.html">"Patch JBoss now to prevent SamSam ransomware attacks"</a>. InfoWorld. IDG. Retrieved 23 July 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=InfoWorld&rft.atitle=Patch+JBoss+now+to+prevent+SamSam+ransomware+attacks&rft.date=2016-04-19&rft.aulast=Rashid&rft.aufirst=Fahmida+Y.&rft_id=https%3A%2F%2Fwww.infoworld.com%2Farticle%2F3058254%2Fsecurity%2Fpatch-jboss-now-to-prevent-samsam-ransomware-attacks.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Barkley-125">^ <a href="#cite_ref-Barkley_125-0">a</a> <a href="#cite_ref-Barkley_125-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCrowe2018" class="citation web cs1">Crowe, Jonathan (March 2018). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180718205025/https://blog.barkly.com/atlanta-ransomware-attack-2018-samsam">"City of Atlanta Hit with SamSam Ransomware: 5 Key Things to Know"</a>. Barkley vs Malware. Barkley Protects, Inc. Archived from <a rel="nofollow" class="external text" href="https://blog.barkly.com/atlanta-ransomware-attack-2018-samsam">the original</a> on 18 July 2018. Retrieved 18 July 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Barkley+vs+Malware&rft.atitle=City+of+Atlanta+Hit+with+SamSam+Ransomware%3A+5+Key+Things+to+Know&rft.date=2018-03&rft.aulast=Crowe&rft.aufirst=Jonathan&rft_id=https%3A%2F%2Fblog.barkly.com%2Fatlanta-ransomware-attack-2018-samsam&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-pPjwC-126"><a href="#cite_ref-pPjwC_126-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFederal_Bureau_of_Investigation" class="citation cs2"><a href="/wiki/Federal_Bureau_of_Investigation" title="Federal Bureau of Investigation">Federal Bureau of Investigation</a>, <a rel="nofollow" class="external text" href="https://www.fbi.gov/wanted/cyber/samsam-subjects/samsam-subjects-fbi-wanted-8-5x11.pdf">Wanted by the FBI: SamSam Subjects</a> (PDF), U.S. Department of Justice, retrieved 5 October 2019</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Wanted+by+the+FBI%3A+SamSam+Subjects&rft.pub=U.S.+Department+of+Justice&rft.au=Federal+Bureau+of+Investigation&rft_id=https%3A%2F%2Fwww.fbi.gov%2Fwanted%2Fcyber%2Fsamsam-subjects%2Fsamsam-subjects-fbi-wanted-8-5x11.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-SamSam_DOJ_release-127"><a href="#cite_ref-SamSam_DOJ_release_127-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation pressrelease cs1"><a rel="nofollow" class="external text" href="https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public">"Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses"</a> (Press release). United States Department of Justice. 28 November 2018. Retrieved 11 December 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Two+Iranian+Men+Indicted+for+Deploying+Ransomware+to+Extort+Hospitals%2C+Municipalities%2C+and+Public+Institutions%2C+Causing+Over+%2430+Million+in+Losses&rft.pub=United+States+Department+of+Justice&rft.date=2018-11-28&rft_id=https%3A%2F%2Fwww.justice.gov%2Fopa%2Fpr%2Ftwo-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-utYCU-128"><a href="#cite_ref-utYCU_128-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWhittaker" class="citation web cs1">Whittaker, Zack. <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/why-you-should-never-talk-to-windows-tech-support-scammers/">"We talked to Windows tech support scammers. Here's why you shouldn't"</a>. ZDNet. Retrieved 6 November 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=We+talked+to+Windows+tech+support+scammers.+Here%27s+why+you+shouldn%27t&rft.aulast=Whittaker&rft.aufirst=Zack&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fwhy-you-should-never-talk-to-windows-tech-support-scammers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-lR0Oo-129"><a href="#cite_ref-lR0Oo_129-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ghacks.net/2017/06/26/windows-10-fall-creators-update-no-support-for-syskey-exe/">"Windows 10 Fall Creators Update: syskey.exe support dropped"</a>. gHacks. 26 June 2017. Retrieved 6 November 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=gHacks&rft.atitle=Windows+10+Fall+Creators+Update%3A+syskey.exe+support+dropped&rft.date=2017-06-26&rft_id=https%3A%2F%2Fwww.ghacks.net%2F2017%2F06%2F26%2Fwindows-10-fall-creators-update-no-support-for-syskey-exe%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-f5ckp-130"><a href="#cite_ref-f5ckp_130-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://support.microsoft.com/en-hk/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-windows-server">"Syskey.exe utility is no longer supported in Windows 10, Windows Server 2016 and Windows Server 2019"</a>. Microsoft. Retrieved 6 November 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Syskey.exe+utility+is+no+longer+supported+in+Windows+10%2C+Windows+Server+2016+and+Windows+Server+2019&rft.pub=Microsoft&rft_id=https%3A%2F%2Fsupport.microsoft.com%2Fen-hk%2Fhelp%2F4025993%2Fsyskey-exe-utility-is-no-longer-supported-in-windows-10-windows-server&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-131"><a href="#cite_ref-131">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.independent.co.uk/news/world/americas/us-politics/revil-ransomware-russia-us-latest-b1883490.html">"Russian-based ransomware group 'REvil' disappears after hitting US businesses"</a>. The Independent. 13 July 2021.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Independent&rft.atitle=Russian-based+ransomware+group+%27REvil%27+disappears+after+hitting+US+businesses&rft.date=2021-07-13&rft_id=https%3A%2F%2Fwww.independent.co.uk%2Fnews%2Fworld%2Famericas%2Fus-politics%2Frevil-ransomware-russia-us-latest-b1883490.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-132"><a href="#cite_ref-132">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.nbcnews.com/tech/tech-news/russian-speaking-ransomware-gang-goes-offline-rcna1403">"Prolific ransomware gang suddenly disappears from internet. The timing is noteworthy"</a>. NBC News. 14 July 2021.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=NBC+News&rft.atitle=Prolific+ransomware+gang+suddenly+disappears+from+internet.+The+timing+is+noteworthy.&rft.date=2021-07-14&rft_id=https%3A%2F%2Fwww.nbcnews.com%2Ftech%2Ftech-news%2Frussian-speaking-ransomware-gang-goes-offline-rcna1403&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-133"><a href="#cite_ref-133">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars/">"McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars"</a>. 2 October 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=McAfee+ATR+Analyzes+Sodinokibi+aka+REvil+Ransomware-as-a-Service+-+The+All-Stars&rft.date=2019-10-02&rft_id=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fmcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-134"><a href="#cite_ref-134">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://apnews.com/article/joe-biden-europe-technology-government-and-politics-russia-df7ef73f02bcba61ad6e628aa95a9f84">"Biden tells Putin Russia must crack down on cybercriminals"</a>. AP NEWS. 9 July 2021.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=AP+NEWS&rft.atitle=Biden+tells+Putin+Russia+must+crack+down+on+cybercriminals&rft.date=2021-07-09&rft_id=https%3A%2F%2Fapnews.com%2Farticle%2Fjoe-biden-europe-technology-government-and-politics-russia-df7ef73f02bcba61ad6e628aa95a9f84&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-135"><a href="#cite_ref-135">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSanger2021" class="citation news cs1">Sanger, David E. (13 July 2021). <a rel="nofollow" class="external text" href="https://ghostarchive.org/archive/20211228/https://www.nytimes.com/2021/07/13/us/politics/russia-hacking-ransomware-revil.html">"Russia's most aggressive ransomware group disappeared. It's unclear who disabled them"</a>. The New York Times. Archived from <a rel="nofollow" class="external text" href="https://www.nytimes.com/2021/07/13/us/politics/russia-hacking-ransomware-revil.html">the original</a> on 28 December 2021.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+New+York+Times&rft.atitle=Russia%27s+most+aggressive+ransomware+group+disappeared.+It%27s+unclear+who+disabled+them.&rft.date=2021-07-13&rft.aulast=Sanger&rft.aufirst=David+E.&rft_id=https%3A%2F%2Fwww.nytimes.com%2F2021%2F07%2F13%2Fus%2Fpolitics%2Frussia-hacking-ransomware-revil.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Vanishes-136"><a href="#cite_ref-Vanishes_136-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrian_FungZachary_CohenGeneva_Sands2021" class="citation web cs1">Brian Fung; Zachary Cohen; Geneva Sands (13 July 2021). <a rel="nofollow" class="external text" href="https://www.cnn.com/2021/07/13/tech/revil-ransomware-disappears/index.html">"Ransomware gang that hit meat supplier mysteriously vanishes from the internet"</a>. CNN Business.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CNN+Business&rft.atitle=Ransomware+gang+that+hit+meat+supplier+mysteriously+vanishes+from+the+internet&rft.date=2021-07-13&rft.au=Brian+Fung&rft.au=Zachary+Cohen&rft.au=Geneva+Sands&rft_id=https%3A%2F%2Fwww.cnn.com%2F2021%2F07%2F13%2Ftech%2Frevil-ransomware-disappears%2Findex.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-malwarebytes-137"><a href="#cite_ref-malwarebytes_137-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCannell2013" class="citation web cs1">Cannell, Joshua (8 October 2013). <a rel="nofollow" class="external text" href="https://blog.malwarebytes.com/101/2013/10/cryptolocker-ransomware-what-you-need-to-know/">"Cryptolocker Ransomware: What You Need To Know, last updated 06/02/2014"</a>. <a href="/wiki/Malwarebytes" title="Malwarebytes">Malwarebytes</a> Unpacked. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210930200636/https://blog.malwarebytes.com/101/2013/10/cryptolocker-ransomware-what-you-need-to-know/">Archived</a> from the original on 30 September 2021. Retrieved 19 October 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Malwarebytes+Unpacked&rft.atitle=Cryptolocker+Ransomware%3A+What+You+Need+To+Know%2C+last+updated+06%2F02%2F2014&rft.date=2013-10-08&rft.aulast=Cannell&rft.aufirst=Joshua&rft_id=https%3A%2F%2Fblog.malwarebytes.com%2F101%2F2013%2F10%2Fcryptolocker-ransomware-what-you-need-to-know%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-register-138"><a href="#cite_ref-register_138-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLeyden" class="citation web cs1">Leyden, Josh. <a rel="nofollow" class="external text" href="https://www.theregister.com/2013/10/18/cryptolocker_ransmware">"Fiendish CryptoLocker ransomware: Whatever you do, don't PAY"</a>. <a href="/wiki/The_Register" title="The Register">The Register</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210813214911/https://www.theregister.com/2013/10/18/cryptolocker_ransmware">Archived</a> from the original on 13 August 2021. Retrieved 18 October 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Fiendish+CryptoLocker+ransomware%3A+Whatever+you+do%2C+don%27t+PAY&rft.aulast=Leyden&rft.aufirst=Josh&rft_id=https%3A%2F%2Fwww.theregister.com%2F2013%2F10%2F18%2Fcryptolocker_ransmware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-securityweek131119-139"><a href="#cite_ref-securityweek131119_139-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.securityweek.com/cryptolocker-infections-rise-us-cert-issues-warning">"Cryptolocker Infections on the Rise; US-CERT Issues Warning"</a>. SecurityWeek. 19 November 2013. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210527161032/https://www.securityweek.com/cryptolocker-infections-rise-us-cert-issues-warning">Archived</a> from the original on 27 May 2021. Retrieved 18 January 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SecurityWeek&rft.atitle=Cryptolocker+Infections+on+the+Rise%3B+US-CERT+Issues+Warning&rft.date=2013-11-19&rft_id=https%3A%2F%2Fwww.securityweek.com%2Fcryptolocker-infections-rise-us-cert-issues-warning&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-comodo-140"><a href="#cite_ref-comodo_140-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMetin" class="citation web cs1">Metin, Ozer. <a rel="nofollow" class="external text" href="https://techtalk.comodo.com/2020/10/10/applying-attack-surface-reduction-on-top-of-attack-surface-reduction-asr2/">"Applying attack surface reduction"</a>. <a href="/wiki/Comodo_Cybersecurity" class="mw-redirect" title="Comodo Cybersecurity">Comodo Cybersecurity</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20211005003825/https://techtalk.comodo.com/2020/10/10/applying-attack-surface-reduction-on-top-of-attack-surface-reduction-asr2/">Archived</a> from the original on 5 October 2021. Retrieved 27 August 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Applying+attack+surface+reduction&rft.pub=Comodo+Cybersecurity&rft.aulast=Metin&rft.aufirst=Ozer&rft_id=https%3A%2F%2Ftechtalk.comodo.com%2F2020%2F10%2F10%2Fapplying-attack-surface-reduction-on-top-of-attack-surface-reduction-asr2%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Microsoft-141"><a href="#cite_ref-Microsoft_141-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide">"Overview of attack surface reduction capabilities"</a>. <a href="/wiki/Microsoft" title="Microsoft">Microsoft</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20211118052451/https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide">Archived</a> from the original on 18 November 2021. Retrieved 6 February 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Overview+of+attack+surface+reduction+capabilities&rft.pub=Microsoft&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Foverview-attack-surface-reduction%3Fview%3Do365-worldwide&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-security-142"><a href="#cite_ref-security_142-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://techtalk.comodo.com/2020/08/17/comodos-patented-kernel-api-virtualization-under-the-hood/">"Comodo's patented "Kernel API Virtualization" – Under the Hood"</a>. <a href="/wiki/Comodo_Cybersecurity" class="mw-redirect" title="Comodo Cybersecurity">Comodo Cybersecurity</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20211004234110/https://techtalk.comodo.com/2020/08/17/comodos-patented-kernel-api-virtualization-under-the-hood/">Archived</a> from the original on 4 October 2021. Retrieved 27 August 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Comodo%27s+patented+%22Kernel+API+Virtualization%22+%E2%80%93+Under+the+Hood&rft.pub=Comodo+Cybersecurity&rft_id=https%3A%2F%2Ftechtalk.comodo.com%2F2020%2F08%2F17%2Fcomodos-patented-kernel-api-virtualization-under-the-hood%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-9ZQll-143"><a href="#cite_ref-9ZQll_143-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/">"'Petya' Ransomware Outbreak Goes Global"</a>. krebsonsecurity.com. Krebs on Security. 28 June 2017. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=krebsonsecurity.com&rft.atitle=%27Petya%27+Ransomware+Outbreak+Goes+Global&rft.date=2017-06-28&rft_id=https%3A%2F%2Fkrebsonsecurity.com%2F2017%2F06%2Fpetya-ransomware-outbreak-goes-global%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-79rIM-144"><a href="#cite_ref-79rIM_144-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cnet.com/how-to/petya-goldeneye-malware-ransomware-protect-yourself-against/">"How to protect yourself from Petya malware"</a>. CNET. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CNET&rft.atitle=How+to+protect+yourself+from+Petya+malware&rft_id=https%3A%2F%2Fwww.cnet.com%2Fhow-to%2Fpetya-goldeneye-malware-ransomware-protect-yourself-against%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-QMbFF-145"><a href="#cite_ref-QMbFF_145-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://economictimes.indiatimes.com/tech/internet/petya-ransomware-attack-what-you-should-do-so-that-your-security-is-not-compromised/articleshow/59357161.cms">"Petya ransomware attack: What you should do so that your security is not compromised"</a>. The Economic Times. 29 June 2017. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Economic+Times&rft.atitle=Petya+ransomware+attack%3A+What+you+should+do+so+that+your+security+is+not+compromised&rft.date=2017-06-29&rft_id=http%3A%2F%2Feconomictimes.indiatimes.com%2Ftech%2Finternet%2Fpetya-ransomware-attack-what-you-should-do-so-that-your-security-is-not-compromised%2Farticleshow%2F59357161.cms&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Fo2QN-146"><a href="#cite_ref-Fo2QN_146-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.tomsguide.com/us/petya-ransomware-attack,news-25389.html">"New 'Petya' Ransomware Attack Spreads: What to Do"</a>. Tom's Guide. 27 June 2017. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=New+%27Petya%27+Ransomware+Attack+Spreads%3A+What+to+Do&rft.pub=Tom%27s+Guide&rft.date=2017-06-27&rft_id=https%3A%2F%2Fwww.tomsguide.com%2Fus%2Fpetya-ransomware-attack%2Cnews-25389.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ecot-147"><a href="#cite_ref-ecot_147-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://economictimes.indiatimes.com/tech/internet/india-worst-hit-by-petya-in-apac-7th-globally-symantec/articleshow/59367013.cms">"India worst hit by Petya in APAC, 7th globally: Symantec"</a>. The Economic Times. 29 June 2017. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Economic+Times&rft.atitle=India+worst+hit+by+Petya+in+APAC%2C+7th+globally%3A+Symantec&rft.date=2017-06-29&rft_id=http%3A%2F%2Feconomictimes.indiatimes.com%2Ftech%2Finternet%2Findia-worst-hit-by-petya-in-apac-7th-globally-symantec%2Farticleshow%2F59367013.cms&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-TpOx8-148"><a href="#cite_ref-TpOx8_148-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.thenational.ae/uae/technology/tra-issues-advice-to-protect-against-latest-ransomware-petya">"TRA issues advice to protect against latest ransomware Petya | The National"</a>. 29 June 2017. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=TRA+issues+advice+to+protect+against+latest+ransomware+Petya+%7C+The+National&rft.date=2017-06-29&rft_id=http%3A%2F%2Fwww.thenational.ae%2Fuae%2Ftechnology%2Ftra-issues-advice-to-protect-against-latest-ransomware-petya&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-dAeHq-149"><a href="#cite_ref-dAeHq_149-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20210213073917/https://www.fireeye.com/blog/threat-research/2017/06/petya-ransomware-spreading-via-eternalblue-exploit.html">"Petya Ransomware Spreading Via EternalBlue Exploit « Threat Research Blog"</a>. FireEye. Archived from <a rel="nofollow" class="external text" href="https://www.fireeye.com/blog/threat-research/2017/06/petya-ransomware-spreading-via-eternalblue-exploit.html">the original</a> on 13 February 2021. Retrieved 29 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Petya+Ransomware+Spreading+Via+EternalBlue+Exploit+%C2%AB+Threat+Research+Blog&rft.pub=FireEye&rft_id=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2017%2F06%2Fpetya-ransomware-spreading-via-eternalblue-exploit.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-chang-150">^ <a href="#cite_ref-chang_150-0">a</a> <a href="#cite_ref-chang_150-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFChang2012" class="citation book cs1">Chang, Yao-Chung (2012). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=8HsK_QZBIpkC&pg=PR9">Cybercrime in the Greater China Region: Regulatory Responses and Crime Prevention Across the Taiwan Strait</a>. Edward Elgar Publishing. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9780857936684" title="Special:BookSources/9780857936684"><bdi>9780857936684</bdi></a>. Retrieved 30 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Cybercrime+in+the+Greater+China+Region%3A+Regulatory+Responses+and+Crime+Prevention+Across+the+Taiwan+Strait&rft.pub=Edward+Elgar+Publishing&rft.date=2012&rft.isbn=9780857936684&rft.aulast=Chang&rft.aufirst=Yao-Chung&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3D8HsK_QZBIpkC%26pg%3DPR9&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-RGPV7-151"><a href="#cite_ref-RGPV7_151-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://practiceindex.co.uk/gp/blog/it-technology/infection-control-for-your-computers-protecting-against-cyber-crime/">"Infection control for your computers: Protecting against cyber crime - GP Practice Management Blog"</a>. GP Practice Management Blog. 18 May 2017. Retrieved 30 June 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=GP+Practice+Management+Blog&rft.atitle=Infection+control+for+your+computers%3A+Protecting+against+cyber+crime+-+GP+Practice+Management+Blog&rft.date=2017-05-18&rft_id=https%3A%2F%2Fpracticeindex.co.uk%2Fgp%2Fblog%2Fit-technology%2Finfection-control-for-your-computers-protecting-against-cyber-crime%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-CIS_1-152"><a href="#cite_ref-CIS_1_152-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPiper,_D.L.A.2021" class="citation journal cs1">Piper, D.L.A. (2021). <a rel="nofollow" class="external text" href="https://csu-sfsu.primo.exlibrisgroup.com/discovery/fulldisplay?docid=cdi_proquest_reports_2630356925&context=PC&vid=01CALS_SFR:01CALS_SFR&lang=en&search_scope=Everything_RAPIDO&adaptor=Primo%20Central&tab=Everything&query=any,contains,Cybersecurity%20and%20Infrastructure%20Security%20Agency&offset=0">"Cybersecurity and Infrastructure Security Agency Releases Guidance Regarding Ransomware"</a>. Journal of Internet Law. 25 (1): 1–17. Retrieved 3 December 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Journal+of+Internet+Law&rft.atitle=Cybersecurity+and+Infrastructure+Security+Agency+Releases+Guidance+Regarding+Ransomware&rft.volume=25&rft.issue=1&rft.pages=%3Cspan+class%3D%22nowrap%22%3E1-%3C%2Fspan%3E17&rft.date=2021&rft.au=Piper%2C+D.L.A.&rft_id=https%3A%2F%2Fcsu-sfsu.primo.exlibrisgroup.com%2Fdiscovery%2Ffulldisplay%3Fdocid%3Dcdi_proquest_reports_2630356925%26context%3DPC%26vid%3D01CALS_SFR%3A01CALS_SFR%26lang%3Den%26search_scope%3DEverything_RAPIDO%26adaptor%3DPrimo%2520Central%26tab%3DEverything%26query%3Dany%2Ccontains%2CCybersecurity%2520and%2520Infrastructure%2520Security%2520Agency%26offset%3D0&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-EhTld-153"><a href="#cite_ref-EhTld_153-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://windowsloop.com/turn-on-ransomware-protection-windows-10/">"How to Turn On Ransomware Protection in Windows 10"</a>. WindowsLoop. 8 May 2018. Retrieved 19 December 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=WindowsLoop&rft.atitle=How+to+Turn+On+Ransomware+Protection+in+Windows+10&rft.date=2018-05-08&rft_id=https%3A%2F%2Fwindowsloop.com%2Fturn-on-ransomware-protection-windows-10%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-NFIWj-154"><a href="#cite_ref-NFIWj_154-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ixsystems.com/blog/defeating-cryptolocker">"Defeating CryptoLocker Attacks with ZFS"</a>. ixsystems.com. 27 August 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ixsystems.com&rft.atitle=Defeating+CryptoLocker+Attacks+with+ZFS&rft.date=2015-08-27&rft_id=https%3A%2F%2Fwww.ixsystems.com%2Fblog%2Fdefeating-cryptolocker&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-hAZRL-155"><a href="#cite_ref-hAZRL_155-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.thewindowsclub.com/list-ransomware-decryptor-tools">"List of free Ransomware Decryptor Tools to unlock files"</a>. Thewindowsclub.com. Retrieved 28 July 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Thewindowsclub.com&rft.atitle=List+of+free+Ransomware+Decryptor+Tools+to+unlock+files&rft_id=http%3A%2F%2Fwww.thewindowsclub.com%2Flist-ransomware-decryptor-tools&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-V6K3w-156"><a href="#cite_ref-V6K3w_156-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.thewindowsclub.com/emsisoft-decrypter-hydracrypt-umbrecrypt-ransomware">"Emsisoft Decrypter for HydraCrypt and UmbreCrypt Ransomware"</a>. Thewindowsclub.com. 17 February 2016. Retrieved 28 July 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Thewindowsclub.com&rft.atitle=Emsisoft+Decrypter+for+HydraCrypt+and+UmbreCrypt+Ransomware&rft.date=2016-02-17&rft_id=http%3A%2F%2Fwww.thewindowsclub.com%2Femsisoft-decrypter-hydracrypt-umbrecrypt-ransomware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-Bf057-157"><a href="#cite_ref-Bf057_157-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.avast.com/c-ransomware">"Ransomware removal tools"</a>. Retrieved 19 September 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Ransomware+removal+tools&rft_id=https%3A%2F%2Fwww.avast.com%2Fc-ransomware&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-ProPublica-158">^ <a href="#cite_ref-ProPublica_158-0">a</a> <a href="#cite_ref-ProPublica_158-1">b</a> <a href="#cite_ref-ProPublica_158-2">c</a> <a href="#cite_ref-ProPublica_158-3">d</a> <a href="#cite_ref-ProPublica_158-4">e</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRenee_DudleyJeff_Kao2019" class="citation web cs1">Renee Dudley; Jeff Kao (15 May 2019). <a rel="nofollow" class="external text" href="https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/">"The Trade Secret Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+Trade+Secret+Firms+That+Promised+High-Tech+Ransomware+Solutions+Almost+Always+Just+Pay+the+Hackers&rft.date=2019-05-15&rft.au=Renee+Dudley&rft.au=Jeff+Kao&rft_id=https%3A%2F%2Ffeatures.propublica.org%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-159"><a href="#cite_ref-159">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.nomoreransom.org/en/about-the-project.html">"About the Project - The No More Ransom Project"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20211122131432/https://www.nomoreransom.org/en/about-the-project.html">Archived</a> from the original on 22 November 2021. Retrieved 3 December 2021.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=About+the+Project+-+The+No+More+Ransom+Project&rft_id=https%3A%2F%2Fwww.nomoreransom.org%2Fen%2Fabout-the-project.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-160"><a href="#cite_ref-160">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.nomoreransom.org/crypto-sheriff.php">"Crypto Sheriff - The No More Ransom Project"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20211026165032/https://www.nomoreransom.org/crypto-sheriff.php">Archived</a> from the original on 26 October 2021. Retrieved 3 December 2021.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Crypto+Sheriff+-+The+No+More+Ransom+Project&rft_id=https%3A%2F%2Fwww.nomoreransom.org%2Fcrypto-sheriff.php&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-fWg6u-161">^ <a href="#cite_ref-fWg6u_161-0">a</a> <a href="#cite_ref-fWg6u_161-1">b</a> <a href="#cite_ref-fWg6u_161-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/uk-47800378">"Zain Qaiser: Student jailed for blackmailing porn users worldwide"</a>. BBC News. 9 April 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=Zain+Qaiser%3A+Student+jailed+for+blackmailing+porn+users+worldwide&rft.date=2019-04-09&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Fuk-47800378&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-KW8uM-162"><a href="#cite_ref-KW8uM_162-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.teiss.co.uk/zain-qaiser-cyber-crime/">"British hacker Zain Qaiser sentenced for blackmailing millions"</a>. 9 April 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=British+hacker+Zain+Qaiser+sentenced+for+blackmailing+millions&rft.date=2019-04-09&rft_id=https%3A%2F%2Fwww.teiss.co.uk%2Fzain-qaiser-cyber-crime%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-lHdGY-163"><a href="#cite_ref-lHdGY_163-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCimpanu" class="citation web cs1">Cimpanu, Catalin. <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/reveton-ransomware-distributor-sentenced-to-six-years-in-prison-in-the-uk/">"Reveton ransomware distributor sentenced to six years in prison in the UK"</a>. ZDNet.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=Reveton+ransomware+distributor+sentenced+to+six+years+in+prison+in+the+UK&rft.aulast=Cimpanu&rft.aufirst=Catalin&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Freveton-ransomware-distributor-sentenced-to-six-years-in-prison-in-the-uk%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-uBW5w-164"><a href="#cite_ref-uBW5w_164-0">^</a> <a rel="nofollow" class="external text" href="https://www.wired.co.uk/article/porn-ransomware-reveton">"How police caught the UK's most notorious porn ransomware baron"</a>, Matt Burgess, Wired, 12 Apr 2019] </li> <li id="cite_note-m82Cr-165"><a href="#cite_ref-m82Cr_165-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://usa.kaspersky.com/about/press-releases/2016_angler-by-lurk-why-the-infamous-cybercriminal-group-that-stole-millions-was-renting-out-its-most-powerful-tool">"Angler by Lurk: Why the infamous cybercriminal group that stole millions was renting out its most powerful tool"</a>. usa.kaspersky.com. 26 May 2021.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=usa.kaspersky.com&rft.atitle=Angler+by+Lurk%3A+Why+the+infamous+cybercriminal+group+that+stole+millions+was+renting+out+its+most+powerful+tool&rft.date=2021-05-26&rft_id=https%3A%2F%2Fusa.kaspersky.com%2Fabout%2Fpress-releases%2F2016_angler-by-lurk-why-the-infamous-cybercriminal-group-that-stole-millions-was-renting-out-its-most-powerful-tool&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-2eQbY-166"><a href="#cite_ref-2eQbY_166-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNichols2018" class="citation web cs1">Nichols, Shaun (15 August 2018). <a rel="nofollow" class="external text" href="https://www.theregister.com/2018/08/15/reveton_microsoft_hire/">"Florida Man laundered money for Reveton ransomware. Then Microsoft hired him in San Francisco"</a>. Theregister.com.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Theregister.com&rft.atitle=Florida+Man+laundered+money+for+Reveton+ransomware.+Then+Microsoft+hired+him+in+San+Francisco&rft.date=2018-08-15&rft.aulast=Nichols&rft.aufirst=Shaun&rft_id=https%3A%2F%2Fwww.theregister.com%2F2018%2F08%2F15%2Freveton_microsoft_hire%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-hb340-167"><a href="#cite_ref-hb340_167-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFields2017" class="citation web cs1">Fields, Logan M. (25 February 2017). <a rel="nofollow" class="external text" href="http://www.d-worldnews.life/2017/02/the-minority-report-week-7-half-way.html">"The Minority Report – Week 7 – The Half-Way Point"</a>. World News.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+Minority+Report+%E2%80%93+Week+7+%E2%80%93+The+Half-Way+Point&rft.pub=World+News&rft.date=2017-02-25&rft.aulast=Fields&rft.aufirst=Logan+M.&rft_id=http%3A%2F%2Fwww.d-worldnews.life%2F2017%2F02%2Fthe-minority-report-week-7-half-way.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> <li id="cite_note-jransomware-168"><a href="#cite_ref-jransomware_168-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWei2017" class="citation web cs1">Wei, Wang (6 June 2017). <a rel="nofollow" class="external text" href="http://thehackernews.com/2017/06/japanese-ransomware-malware.html">"14-Year-Old Japanese Boy Arrested for Creating Ransomware"</a>. The Hacker News.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=14-Year-Old+Japanese+Boy+Arrested+for+Creating+Ransomware&rft.pub=The+Hacker+News&rft.date=2017-06-06&rft.aulast=Wei&rft.aufirst=Wang&rft_id=http%3A%2F%2Fthehackernews.com%2F2017%2F06%2Fjapanese-ransomware-malware.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="Further_reading">Further reading</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=30" title="Edit section: Further reading">edit</a>]</div> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFYoungYung2004" class="citation book cs1">Young, A.; <a href="/wiki/Moti_Yung" title="Moti Yung">Yung, M.</a> (2004). Malicious Cryptography: Exposing Cryptovirology. Wiley. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-7645-4975-5" title="Special:BookSources/978-0-7645-4975-5"><bdi>978-0-7645-4975-5</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Malicious+Cryptography%3A+Exposing+Cryptovirology&rft.pub=Wiley&rft.date=2004&rft.isbn=978-0-7645-4975-5&rft.aulast=Young&rft.aufirst=A.&rft.au=Yung%2C+M.&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRussinovich2013" class="citation web cs1"><a href="/wiki/Mark_Russinovich" title="Mark Russinovich">Russinovich</a>, Mark (7 January 2013). <a rel="nofollow" class="external text" href="http://blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx">"Hunting Down and Killing Ransomware"</a>. Microsoft TechNet. Microsoft.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft+TechNet&rft.atitle=Hunting+Down+and+Killing+Ransomware&rft.date=2013-01-07&rft.aulast=Russinovich&rft.aufirst=Mark&rft_id=http%3A%2F%2Fblogs.technet.com%2Fb%2Fmarkrussinovich%2Farchive%2F2013%2F01%2F07%2F3543763.aspx&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSimonite2015" class="citation magazine cs1">Simonite, Tom (4 February 2015). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20151127160817/http://www.technologyreview.com/news/534516/holding-data-hostage-the-perfect-internet-crime/">"Holding Data Hostage: The Perfect Internet Crime? Ransomware (Scareware)"</a>. <a href="/wiki/MIT_Technology_Review" title="MIT Technology Review">MIT Technology Review</a>. Archived from <a rel="nofollow" class="external text" href="http://www.technologyreview.com/news/534516/holding-data-hostage-the-perfect-internet-crime/">the original</a> on 27 November 2015. Retrieved 5 February 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=MIT+Technology+Review&rft.atitle=Holding+Data+Hostage%3A+The+Perfect+Internet+Crime%3F+Ransomware+%28Scareware%29&rft.date=2015-02-04&rft.aulast=Simonite&rft.aufirst=Tom&rft_id=http%3A%2F%2Fwww.technologyreview.com%2Fnews%2F534516%2Fholding-data-hostage-the-perfect-internet-crime%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrad2015" class="citation web cs1">Brad, Duncan (2 March 2015). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150924083938/http://www.rackspace.com/blog/exploit-kits-and-cryptowall-3-0/">"Exploit Kits and CryptoWall 3.0"</a>. The Rackspace Blog! & NewsRoom. Archived from <a rel="nofollow" class="external text" href="http://www.rackspace.com/blog/exploit-kits-and-cryptowall-3-0/">the original</a> on 24 September 2015. Retrieved 15 April 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Exploit+Kits+and+CryptoWall+3.0&rft.pub=The+Rackspace+Blog%21+%26+NewsRoom&rft.date=2015-03-02&rft.aulast=Brad&rft.aufirst=Duncan&rft_id=http%3A%2F%2Fwww.rackspace.com%2Fblog%2Fexploit-kits-and-cryptowall-3-0%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise">"Ransomware on the Rise: FBI and Partners Working to Combat This Cyber Threat"</a>. NEWS. Federal Bureau of Investigation. 20 January 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=NEWS&rft.atitle=Ransomware+on+the+Rise%3A+FBI+and+Partners+Working+to+Combat+This+Cyber+Threat&rft.date=2015-01-20&rft_id=https%3A%2F%2Fwww.fbi.gov%2Fnews%2Fstories%2F2015%2Fjanuary%2Fransomware-on-the-rise&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFYang,_T.Yang,_Y.Qian,_K.Lo,_D.C.T.2015" class="citation book cs1">Yang, T.; Yang, Y.; Qian, K.; Lo, D.C.T.; Qian, L. & Tao, L. (2015). 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems. IEEE Internet of Things Journal, CONFERENCE, AUGUST 2015. pp. 1338–1343. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FHPCC-CSS-ICESS.2015.39">10.1109/HPCC-CSS-ICESS.2015.39</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4799-8937-9" title="Special:BookSources/978-1-4799-8937-9"><bdi>978-1-4799-8937-9</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:5374328">5374328</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=2015+IEEE+17th+International+Conference+on+High+Performance+Computing+and+Communications%2C+2015+IEEE+7th+International+Symposium+on+Cyberspace+Safety+and+Security%2C+and+2015+IEEE+12th+International+Conference+on+Embedded+Software+and+Systems&rft.pages=%3Cspan+class%3D%22nowrap%22%3E1338-%3C%2Fspan%3E1343&rft.pub=IEEE+Internet+of+Things+Journal%2C+CONFERENCE%2C+AUGUST+2015&rft.date=2015&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A5374328%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FHPCC-CSS-ICESS.2015.39&rft.isbn=978-1-4799-8937-9&rft.au=Yang%2C+T.&rft.au=Yang%2C+Y.&rft.au=Qian%2C+K.&rft.au=Lo%2C+D.C.T.&rft.au=Qian%2C+L.&rft.au=Tao%2C+L.&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRichet2015" class="citation web cs1">Richet, Jean-Loup (July 2015). <a rel="nofollow" class="external text" href="https://blogs.harvard.edu/jeanlouprichet/files/2015/07/Extortion_on_the_Internet_Rise_of_Crypto_Ransomware.pdf">"Extortion on the Internet: the Rise of Crypto-Ransomware"</a> (PDF). Harvard University.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Extortion+on+the+Internet%3A+the+Rise+of+Crypto-Ransomware&rft.pub=Harvard+University&rft.date=2015-07&rft.aulast=Richet&rft.aufirst=Jean-Loup&rft_id=https%3A%2F%2Fblogs.harvard.edu%2Fjeanlouprichet%2Ffiles%2F2015%2F07%2FExtortion_on_the_Internet_Rise_of_Crypto_Ransomware.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLiska2021" class="citation web cs1">Liska, Allan (20 October 2021). <a rel="nofollow" class="external text" href="https://ransomware.org/">"Ransomware - Understand. Prevent. Recover"</a>. Recorded Future. ActualTech Media.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Recorded+Future&rft.atitle=Ransomware+-+Understand.+Prevent.+Recover.&rft.date=2021-10-20&rft.aulast=Liska&rft.aufirst=Allan&rft_id=https%3A%2F%2Fransomware.org%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ARansomware" class="Z3988"></li></ul> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2>[<a href="/w/index.php?title=Ransomware&action=edit&section=31" title="Edit section: External links">edit</a>]</div> <ul><li><a href="/wiki/File:Commons-logo.svg" class="mw-file-description"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/12px-Commons-logo.svg.png" decoding="async" width="12" height="16" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/18px-Commons-logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/24px-Commons-logo.svg.png 2x" data-file-width="1024" data-file-height="1376" /></a> Media related to <a href="https://commons.wikimedia.org/wiki/Category:Ransomware" class="extiw" title="commons:Category:Ransomware">Ransomware</a> at Wikimedia Commons</li> <li><a rel="nofollow" class="external text" href="https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise">Incidents of Ransomware on the Rise</a> – <a href="/wiki/Federal_Bureau_of_Investigation" title="Federal Bureau of Investigation">Federal Bureau of Investigation</a></li> <li><a rel="nofollow" class="external text" href="https://www.propublica.org/series/ransomware-enablers">The Extortion Economy / U.S. Companies and Ransomware</a></li> <li><a rel="nofollow" class="external text" href="https://www.lifewire.com/what-does-it-mean-to-format-something-2625882">Formatting a hard drive</a></li> <li><a rel="nofollow" class="external text" href="https://threatsfixguide.com/prevent-ransomware-attacks/">Ransomware Removal</a></li></ul> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output .navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style></div><div role="navigation" class="navbox" aria-labelledby="Information_security88" style="padding:3px"><table class="nowraplinks mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="3"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Information_security" title="Template:Information security"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Information_security" title="Template talk:Information security"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Information_security" title="Special:EditPage/Template:Information security"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Information_security88" style="font-size:114%;margin:0 4em"><a href="/wiki/Information_security" title="Information security">Information security</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">Related security categories</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Computer_security" title="Computer security">Computer security</a></li> <li><a href="/wiki/Automotive_security" title="Automotive security">Automotive security</a></li> <li><a href="/wiki/Cybercrime" title="Cybercrime">Cybercrime</a> <ul><li><a href="/wiki/Cybersex_trafficking" title="Cybersex trafficking">Cybersex trafficking</a></li> <li><a href="/wiki/Computer_fraud" title="Computer fraud">Computer fraud</a></li></ul></li> <li><a href="/wiki/Cybergeddon" title="Cybergeddon">Cybergeddon</a></li> <li><a href="/wiki/Cyberterrorism" title="Cyberterrorism">Cyberterrorism</a></li> <li><a href="/wiki/Cyberwarfare" title="Cyberwarfare">Cyberwarfare</a></li> <li><a href="/wiki/Electronic_warfare" title="Electronic warfare">Electronic warfare</a></li> <li><a href="/wiki/Information_warfare" title="Information warfare">Information warfare</a></li> <li><a href="/wiki/Internet_security" title="Internet security">Internet security</a></li> <li><a href="/wiki/Mobile_security" title="Mobile security">Mobile security</a></li> <li><a href="/wiki/Network_security" title="Network security">Network security</a></li> <li><a href="/wiki/Copy_protection" title="Copy protection">Copy protection</a></li> <li><a href="/wiki/Digital_rights_management" title="Digital rights management">Digital rights management</a></li></ul> </div></td><td class="noviewer navbox-image" rowspan="3" style="width:1px;padding:0 0 0 2px"><div><figure class="mw-halign-center" typeof="mw:File"><a href="/wiki/File:CIAJMK1209-en.svg" class="mw-file-description" title="vectorial version"><img alt="vectorial version" src="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/150px-CIAJMK1209-en.svg.png" decoding="async" width="150" height="150" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/225px-CIAJMK1209-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/300px-CIAJMK1209-en.svg.png 2x" data-file-width="496" data-file-height="496" /></a><figcaption>vectorial version</figcaption></figure></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Threat_(computer)" class="mw-redirect" title="Threat (computer)">Threats</a></th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Adware" title="Adware">Adware</a></li> <li><a href="/wiki/Advanced_persistent_threat" title="Advanced persistent threat">Advanced persistent threat</a></li> <li><a href="/wiki/Arbitrary_code_execution" title="Arbitrary code execution">Arbitrary code execution</a></li> <li><a href="/wiki/Backdoor_(computing)" title="Backdoor (computing)">Backdoors</a></li> <li>Bombs <ul><li><a href="/wiki/Fork_bomb" title="Fork bomb">Fork</a></li> <li><a href="/wiki/Logic_bomb" title="Logic bomb">Logic</a></li> <li><a href="/wiki/Time_bomb_(software)" title="Time bomb (software)">Time</a></li> <li><a href="/wiki/Zip_bomb" title="Zip bomb">Zip</a></li></ul></li> <li><a href="/wiki/Hardware_backdoor" title="Hardware backdoor">Hardware backdoors</a></li> <li><a href="/wiki/Code_injection" title="Code injection">Code injection</a></li> <li><a href="/wiki/Crimeware" title="Crimeware">Crimeware</a></li> <li><a href="/wiki/Cross-site_scripting" title="Cross-site scripting">Cross-site scripting</a></li> <li><a href="/wiki/Cross-site_leaks" title="Cross-site leaks">Cross-site leaks</a></li> <li><a href="/wiki/DOM_clobbering" title="DOM clobbering">DOM clobbering</a></li> <li><a href="/wiki/History_sniffing" title="History sniffing">History sniffing</a></li> <li><a href="/wiki/Cryptojacking" title="Cryptojacking">Cryptojacking</a></li> <li><a href="/wiki/Botnet" title="Botnet">Botnets</a></li> <li><a href="/wiki/Data_breach" title="Data breach">Data breach</a></li> <li><a href="/wiki/Drive-by_download" title="Drive-by download">Drive-by download</a></li> <li><a href="/wiki/Browser_Helper_Object" title="Browser Helper Object">Browser Helper Objects</a></li> <li><a href="/wiki/Computer_virus" title="Computer virus">Viruses</a></li> <li><a href="/wiki/Data_scraping" title="Data scraping">Data scraping</a></li> <li><a href="/wiki/Denial-of-service_attack" title="Denial-of-service attack">Denial-of-service attack</a></li> <li><a href="/wiki/Eavesdropping" title="Eavesdropping">Eavesdropping</a></li> <li><a href="/wiki/Email_fraud" title="Email fraud">Email fraud</a></li> <li><a href="/wiki/Email_spoofing" title="Email spoofing">Email spoofing</a></li> <li><a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">Exploits</a></li> <li><a href="/wiki/Dialer#Fraudulent_dialer" title="Dialer">Fraudulent dialers</a></li> <li><a href="/wiki/Hacktivism" title="Hacktivism">Hacktivism</a></li> <li><a href="/wiki/Infostealer" title="Infostealer">Infostealer</a></li> <li><a href="/wiki/Insecure_direct_object_reference" title="Insecure direct object reference">Insecure direct object reference</a></li> <li><a href="/wiki/Keystroke_logging" title="Keystroke logging">Keystroke loggers</a></li> <li><a href="/wiki/Malware" title="Malware">Malware</a></li> <li><a href="/wiki/Payload_(computing)" title="Payload (computing)">Payload</a></li> <li><a href="/wiki/Phishing" title="Phishing">Phishing</a> <ul><li><a href="/wiki/Voice_phishing" title="Voice phishing">Voice</a></li></ul></li> <li><a href="/wiki/Polymorphic_engine" title="Polymorphic engine">Polymorphic engine</a></li> <li><a href="/wiki/Privilege_escalation" title="Privilege escalation">Privilege escalation</a></li> <li><a class="mw-selflink selflink">Ransomware</a></li> <li><a href="/wiki/Rootkit" title="Rootkit">Rootkits</a></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Shellcode" title="Shellcode">Shellcode</a></li> <li><a href="/wiki/Spamming" title="Spamming">Spamming</a></li> <li><a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">Social engineering</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Software_bug" title="Software bug">Software bugs</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horses</a></li> <li><a href="/wiki/Hardware_Trojan" title="Hardware Trojan">Hardware Trojans</a></li> <li><a href="/wiki/Remote_access_trojan" class="mw-redirect" title="Remote access trojan">Remote access trojans</a></li> <li><a href="/wiki/Vulnerability_(computer_security)" title="Vulnerability (computer security)">Vulnerability</a></li> <li><a href="/wiki/Web_shell" title="Web shell">Web shells</a></li> <li><a href="/wiki/Wiper_(malware)" title="Wiper (malware)">Wiper</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Worms</a></li> <li><a href="/wiki/SQL_injection" title="SQL injection">SQL injection</a></li> <li><a href="/wiki/Rogue_security_software" title="Rogue security software">Rogue security software</a></li> <li><a href="/wiki/Zombie_(computing)" title="Zombie (computing)">Zombie</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Defenses</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Application_security" title="Application security">Application security</a> <ul><li><a href="/wiki/Secure_coding" title="Secure coding">Secure coding</a></li> <li>Secure by default</li> <li><a href="/wiki/Secure_by_design" title="Secure by design">Secure by design</a> <ul><li><a href="/wiki/Misuse_case" title="Misuse case">Misuse case</a></li></ul></li></ul></li> <li><a href="/wiki/Computer_access_control" title="Computer access control">Computer access control</a> <ul><li><a href="/wiki/Authentication" title="Authentication">Authentication</a> <ul><li><a href="/wiki/Multi-factor_authentication" title="Multi-factor authentication">Multi-factor authentication</a></li></ul></li> <li><a href="/wiki/Authorization" title="Authorization">Authorization</a></li></ul></li> <li><a href="/wiki/Computer_security_software" title="Computer security software">Computer security software</a> <ul><li><a href="/wiki/Antivirus_software" title="Antivirus software">Antivirus software</a></li> <li><a href="/wiki/Security-focused_operating_system" title="Security-focused operating system">Security-focused operating system</a></li></ul></li> <li><a href="/wiki/Data-centric_security" title="Data-centric security">Data-centric security</a></li> <li><a href="/wiki/Obfuscation_(software)" title="Obfuscation (software)">Software obfuscation</a></li> <li><a href="/wiki/Data_masking" title="Data masking">Data masking</a></li> <li><a href="/wiki/Encryption" title="Encryption">Encryption</a></li> <li><a href="/wiki/Firewall_(computing)" title="Firewall (computing)">Firewall</a></li> <li><a href="/wiki/Intrusion_detection_system" title="Intrusion detection system">Intrusion detection system</a> <ul><li><a href="/wiki/Host-based_intrusion_detection_system" title="Host-based intrusion detection system">Host-based intrusion detection system</a> (HIDS)</li> <li><a href="/wiki/Anomaly_detection" title="Anomaly detection">Anomaly detection</a></li></ul></li> <li><a href="/wiki/Information_security_management" title="Information security management">Information security management</a> <ul><li><a href="/wiki/Information_risk_management" class="mw-redirect" title="Information risk management">Information risk management</a></li> <li><a href="/wiki/Security_information_and_event_management" title="Security information and event management">Security information and event management</a> (SIEM)</li></ul></li> <li><a href="/wiki/Runtime_application_self-protection" title="Runtime application self-protection">Runtime application self-protection</a></li> <li><a href="/wiki/Site_isolation" title="Site isolation">Site isolation</a></li></ul> </div></td></tr></tbody></table></div> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236075235"></div><div role="navigation" class="navbox" aria-labelledby="Software_distribution163" style="padding:3px"><table class="nowraplinks mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Software_distribution" title="Template:Software distribution"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Software_distribution" title="Template talk:Software distribution"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Software_distribution" title="Special:EditPage/Template:Software distribution"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Software_distribution163" style="font-size:114%;margin:0 4em"><a href="/wiki/Software_distribution" title="Software distribution">Software distribution</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Software_license" title="Software license">Licenses</a></th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Beerware" title="Beerware">Beerware</a></li> <li><a href="/wiki/Floating_licensing" title="Floating licensing">Floating licensing</a></li> <li><a href="/wiki/Free_and_open-source_software" title="Free and open-source software">Free and open-source</a> <ul><li><a href="/wiki/Free_software" title="Free software">Free</a></li> <li><a href="/wiki/Open-source_software" title="Open-source software">Open source</a></li></ul></li> <li><a href="/wiki/Freely_redistributable_software" title="Freely redistributable software">Freely redistributable</a></li> <li><a href="/wiki/License-free_software" title="License-free software">License-free</a></li> <li><a href="/wiki/Proprietary_software" title="Proprietary software">Proprietary</a></li> <li><a href="/wiki/Public-domain_software" title="Public-domain software">Public domain</a></li> <li><a href="/wiki/Source-available_software" title="Source-available software">Source-available</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Compensation models</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Adware" title="Adware">Adware</a></li> <li><a href="/wiki/Commercial_software" title="Commercial software">Commercial software</a> <ul><li><a href="/wiki/Retail_software" title="Retail software">Retail software</a></li></ul></li> <li><a href="/wiki/Crippleware" title="Crippleware">Crippleware</a></li> <li><a href="/wiki/Crowdfunding" title="Crowdfunding">Crowdfunding</a></li> <li><a href="/wiki/Freemium" title="Freemium">Freemium</a></li> <li><a href="/wiki/Freeware" title="Freeware">Freeware</a></li> <li><a href="/wiki/Pay_what_you_want" title="Pay what you want">Pay what you want</a> <ul><li><a href="/wiki/Careware" title="Careware">Careware</a></li> <li><a href="/wiki/Donationware" title="Donationware">Donationware</a></li></ul></li> <li><a href="/wiki/Open-core_model" title="Open-core model">Open-core model</a></li> <li><a href="/wiki/Postcardware" class="mw-redirect" title="Postcardware">Postcardware</a></li> <li><a href="/wiki/Shareware" title="Shareware">Shareware</a> <ul><li><a href="/wiki/Nagware" class="mw-redirect" title="Nagware">Nagware</a></li></ul></li> <li><a href="/wiki/Trialware" class="mw-redirect" title="Trialware">Trialware</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Delivery methods</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Digital_distribution" title="Digital distribution">Digital distribution</a></li> <li><a href="/wiki/File_sharing" title="File sharing">File sharing</a></li> <li><a href="/wiki/On-premises_software" title="On-premises software">On-premises</a></li> <li><a href="/wiki/Pre-installed_software" title="Pre-installed software">Pre-installed</a></li> <li><a href="/wiki/Product_bundling" title="Product bundling">Product bundling</a></li> <li><a href="/wiki/Retail_software" title="Retail software">Retail software</a></li> <li><a href="/wiki/Sneakernet" title="Sneakernet">Sneakernet</a></li> <li><a href="/wiki/Software_as_a_service" title="Software as a service">Software as a service</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Deceptive and/or illicit</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Unwanted_software_bundling" class="mw-redirect" title="Unwanted software bundling">Unwanted software bundling</a></li> <li><a href="/wiki/Malware" title="Malware">Malware</a> <ul><li><a href="/wiki/Infostealer" title="Infostealer">Infostealer</a></li> <li><a class="mw-selflink selflink">Ransomware</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horse</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Worm</a></li></ul></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Shovelware" title="Shovelware">Shovelware</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Software_release_life_cycle" title="Software release life cycle">Software release life cycle</a></th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Abandonware" title="Abandonware">Abandonware</a></li> <li><a href="/wiki/End-of-life_product" title="End-of-life product">End-of-life</a></li> <li><a href="/wiki/Long-term_support" title="Long-term support">Long-term support</a></li> <li><a href="/wiki/Software_maintenance" title="Software maintenance">Software maintenance</a></li> <li><a href="/wiki/Software_maintainer" title="Software maintainer">Software maintainer</a></li> <li><a href="/wiki/Software_publisher" title="Software publisher">Software publisher</a></li> <li><a href="/wiki/Vaporware" title="Vaporware">Vaporware</a> <ul><li><a href="/wiki/List_of_vaporware" title="List of vaporware">list</a></li></ul></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Copy_protection" title="Copy protection">Copy protection</a></th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Digital_rights_management" title="Digital rights management">Digital rights management</a></li> <li><a href="/wiki/Software_protection_dongle" title="Software protection dongle">Software protection dongle</a></li> <li><a href="/wiki/License_manager" class="mw-redirect" title="License manager">License manager</a></li> <li><a href="/wiki/Product_activation" title="Product activation">Product activation</a></li> <li><a href="/wiki/Product_key" title="Product key">Product key</a></li> <li><a href="/wiki/Software_copyright" title="Software copyright">Software copyright</a></li> <li><a href="/wiki/Software_license_server" title="Software license server">Software license server</a></li> <li><a href="/wiki/Software_patent" title="Software patent">Software patent</a></li> <li><a href="/wiki/Torrent_poisoning" title="Torrent poisoning">Torrent poisoning</a></li></ul> </div></td></tr></tbody></table></div> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236075235"></div><div role="navigation" class="navbox" aria-labelledby="Malware_topics109" style="padding:3px"><table class="nowraplinks mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Malware" title="Template:Malware"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Malware" title="Template talk:Malware"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Malware" title="Special:EditPage/Template:Malware"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Malware_topics109" style="font-size:114%;margin:0 4em"><a href="/wiki/Malware" title="Malware">Malware</a> topics</div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">Infectious malware</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Comparison_of_computer_viruses" title="Comparison of computer viruses">Comparison of computer viruses</a></li> <li><a href="/wiki/Computer_virus" title="Computer virus">Computer virus</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Computer worm</a></li> <li><a href="/wiki/List_of_computer_worms" title="List of computer worms">List of computer worms</a></li> <li><a href="/wiki/Timeline_of_computer_viruses_and_worms" title="Timeline of computer viruses and worms">Timeline of computer viruses and worms</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Concealment</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Backdoor_(computing)" title="Backdoor (computing)">Backdoor</a></li> <li><a href="/wiki/Clickjacking" title="Clickjacking">Clickjacking</a></li> <li><a href="/wiki/Man-in-the-browser" title="Man-in-the-browser">Man-in-the-browser</a></li> <li><a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">Man-in-the-middle</a></li> <li><a href="/wiki/Rootkit" title="Rootkit">Rootkit</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horse</a></li> <li><a href="/wiki/Zombie_(computing)" title="Zombie (computing)">Zombie computer</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Malware for profit</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Adware" title="Adware">Adware</a></li> <li><a href="/wiki/Botnet" title="Botnet">Botnet</a></li> <li><a href="/wiki/Crimeware" title="Crimeware">Crimeware</a></li> <li><a href="/wiki/Fleeceware" title="Fleeceware">Fleeceware</a></li> <li><a href="/wiki/Form_grabbing" title="Form grabbing">Form grabbing</a></li> <li><a href="/wiki/Dialer#Fraudulent_dialer" title="Dialer">Fraudulent dialer</a></li> <li><a href="/wiki/Infostealer" title="Infostealer">Infostealer</a></li> <li><a href="/wiki/Keystroke_logging" title="Keystroke logging">Keystroke logging</a></li> <li><a href="/wiki/Internet_bot#Malicious_purposes" title="Internet bot">Malbot</a></li> <li><a href="/wiki/Privacy-invasive_software" title="Privacy-invasive software">Privacy-invasive software</a></li> <li><a class="mw-selflink selflink">Ransomware</a></li> <li><a href="/wiki/Rogue_security_software" title="Rogue security software">Rogue security software</a></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Web_threat" title="Web threat">Web threats</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">By operating system</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Category:Android_(operating_system)_malware" title="Category:Android (operating system) malware">Android malware</a></li> <li><a href="/wiki/Category:Classic_Mac_OS_viruses" title="Category:Classic Mac OS viruses">Classic Mac OS viruses</a></li> <li><a href="/wiki/Category:IOS_malware" title="Category:IOS malware">iOS malware</a></li> <li><a href="/wiki/Linux_malware" title="Linux malware">Linux malware</a></li> <li><a href="/wiki/Category:MacOS_malware" title="Category:MacOS malware">MacOS malware</a></li> <li><a href="/wiki/Macro_virus" title="Macro virus">Macro virus</a></li> <li><a href="/wiki/Mobile_malware" title="Mobile malware">Mobile malware</a></li> <li><a href="/wiki/Palm_OS_viruses" title="Palm OS viruses">Palm OS viruses</a></li> <li><a href="/wiki/HyperCard_viruses" class="mw-redirect" title="HyperCard viruses">HyperCard viruses</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Protection</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Anti-keylogger" title="Anti-keylogger">Anti-keylogger</a></li> <li><a href="/wiki/Antivirus_software" title="Antivirus software">Antivirus software</a></li> <li><a href="/wiki/Browser_security" title="Browser security">Browser security</a></li> <li><a href="/wiki/Data_loss_prevention_software" title="Data loss prevention software">Data loss prevention software</a></li> <li><a href="/wiki/Defensive_computing" title="Defensive computing">Defensive computing</a></li> <li><a href="/wiki/Firewall_(computing)" title="Firewall (computing)">Firewall</a></li> <li><a href="/wiki/Internet_security" title="Internet security">Internet security</a></li> <li><a href="/wiki/Intrusion_detection_system" title="Intrusion detection system">Intrusion detection system</a></li> <li><a href="/wiki/Mobile_security" title="Mobile security">Mobile security</a></li> <li><a href="/wiki/Network_security" title="Network security">Network security</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Countermeasures</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Computer_and_network_surveillance" title="Computer and network surveillance">Computer and network surveillance</a></li> <li><a href="/wiki/Honeypot_(computing)" title="Honeypot (computing)">Honeypot</a></li> <li><a href="/wiki/Operation:_Bot_Roast" title="Operation: Bot Roast">Operation: Bot Roast</a></li></ul> </div></td></tr></tbody></table></div>    </div><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?useformat=desktop&type=1x1&usesul3=0" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Ransomware&oldid=1275355444">https://en.wikipedia.org/w/index.php?title=Ransomware&oldid=1275355444</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Ransomware" title="Category:Ransomware">Ransomware</a></li><li><a href="/wiki/Category:Types_of_malware" title="Category:Types of malware">Types of malware</a></li><li><a href="/wiki/Category:Security_breaches" title="Category:Security breaches">Security breaches</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:CS1_maint:_multiple_names:_authors_list" title="Category:CS1 maint: multiple names: authors list">CS1 maint: multiple names: authors list</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Use_dmy_dates_from_May_2016" title="Category:Use dmy dates from May 2016">Use dmy dates from May 2016</a></li><li><a href="/wiki/Category:All_articles_with_vague_or_ambiguous_time" title="Category:All articles with vague or ambiguous time">All articles with vague or ambiguous time</a></li><li><a href="/wiki/Category:Vague_or_ambiguous_time_from_August_2023" title="Category:Vague or ambiguous time from August 2023">Vague or ambiguous time from August 2023</a></li><li><a href="/wiki/Category:Vague_or_ambiguous_time_from_July_2021" title="Category:Vague or ambiguous time from July 2021">Vague or ambiguous time from July 2021</a></li><li><a href="/wiki/Category:Articles_containing_potentially_dated_statements_from_2023" title="Category:Articles containing potentially dated statements from 2023">Articles containing potentially dated statements from 2023</a></li><li><a href="/wiki/Category:All_articles_containing_potentially_dated_statements" title="Category:All articles containing potentially dated statements">All articles containing potentially dated statements</a></li><li><a href="/wiki/Category:All_articles_that_may_contain_original_research" title="Category:All articles that may contain original research">All articles that may contain original research</a></li><li><a href="/wiki/Category:Articles_that_may_contain_original_research_from_June_2017" title="Category:Articles that may contain original research from June 2017">Articles that may contain original research from June 2017</a></li><li><a href="/wiki/Category:All_articles_lacking_reliable_references" title="Category:All articles lacking reliable references">All articles lacking reliable references</a></li><li><a href="/wiki/Category:Articles_lacking_reliable_references_from_February_2025" title="Category:Articles lacking reliable references from February 2025">Articles lacking reliable references from February 2025</a></li><li><a href="/wiki/Category:Articles_to_be_expanded_from_February_2025" title="Category:Articles to be expanded from February 2025">Articles to be expanded from February 2025</a></li><li><a href="/wiki/Category:All_articles_to_be_expanded" title="Category:All articles to be expanded">All articles to be expanded</a></li><li><a href="/wiki/Category:Pages_displaying_short_descriptions_of_redirect_targets_via_Module:Annotated_link" title="Category:Pages displaying short descriptions of redirect targets via Module:Annotated link">Pages displaying short descriptions of redirect targets via Module:Annotated link</a></li><li><a href="/wiki/Category:Pages_displaying_wikidata_descriptions_as_a_fallback_via_Module:Annotated_link" title="Category:Pages displaying wikidata descriptions as a fallback via Module:Annotated link">Pages displaying wikidata descriptions as a fallback via Module:Annotated link</a></li><li><a href="/wiki/Category:Articles_prone_to_spam_from_May_2016" title="Category:Articles prone to spam from May 2016">Articles prone to spam from May 2016</a></li><li><a href="/wiki/Category:Commons_category_link_from_Wikidata" title="Category:Commons category link from Wikidata">Commons category link from Wikidata</a></li><li><a href="/wiki/Category:Good_articles" title="Category:Good articles">Good articles</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 12 February 2025, at 15:13 (UTC).</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Ransomware&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" lang="en" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-header-container vector-sticky-header-container"> <div id="vector-sticky-header" class="vector-sticky-header"> <div class="vector-sticky-header-start"> <div class="vector-sticky-header-icon-start vector-button-flush-left vector-button-flush-right" aria-hidden="true"> <button class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-sticky-header-search-toggle" tabindex="-1" data-event-name="ui.vector-sticky-search-form.icon"> Search </button> </div> <div role="search" class="vector-search-box-vue vector-search-box-show-thumbnail vector-search-box"> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail"> <form action="/w/index.php" id="vector-sticky-search-form" class="cdx-search-input cdx-search-input--has-end-button"> <div class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia"> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <div class="vector-sticky-header-context-bar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-sticky-header-toc" class="vector-dropdown mw-portlet mw-portlet-sticky-header-toc vector-sticky-header-toc vector-button-flush-left" > <input type="checkbox" id="vector-sticky-header-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-sticky-header-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-sticky-header-toc-label" for="vector-sticky-header-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Toggle the table of contents </label> <div class="vector-dropdown-content"> <div id="vector-sticky-header-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div class="vector-sticky-header-context-bar-primary" aria-hidden="true" >Ransomware</div> </div> </div> <div class="vector-sticky-header-end" aria-hidden="true"> <div class="vector-sticky-header-icons"> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-talk-sticky-header" tabindex="-1" data-event-name="talk-sticky-header"> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-subject-sticky-header" tabindex="-1" data-event-name="subject-sticky-header"> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-history-sticky-header" tabindex="-1" data-event-name="history-sticky-header"> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only mw-watchlink" id="ca-watchstar-sticky-header" tabindex="-1" data-event-name="watch-sticky-header"> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-edit-sticky-header" tabindex="-1" data-event-name="wikitext-edit-sticky-header"> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-ve-edit-sticky-header" tabindex="-1" data-event-name="ve-edit-sticky-header"> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-viewsource-sticky-header" tabindex="-1" data-event-name="ve-edit-protected-sticky-header"> </a> </div> <div class="vector-sticky-header-buttons"> <button class="cdx-button cdx-button--weight-quiet mw-interlanguage-selector" id="p-lang-btn-sticky-header" tabindex="-1" data-event-name="ui.dropdown-p-lang-btn-sticky-header"> 60 languages </button> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive" id="ca-addsection-sticky-header" tabindex="-1" data-event-name="addsection-sticky-header"> Add topic </a> </div> <div class="vector-sticky-header-icon-end"> <div class="vector-user-links"> </div> </div> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-56d8db5f6f-qswlw","wgBackendResponseTime":130,"wgPageParseReport":{"limitreport":{"cputime":"2.107","walltime":"2.344","ppvisitednodes":{"value":12664,"limit":1000000},"postexpandincludesize":{"value":360549,"limit":2097152},"templateargumentsize":{"value":5201,"limit":2097152},"expansiondepth":{"value":15,"limit":100},"expensivefunctioncount":{"value":21,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":639912,"limit":5000000},"entityaccesscount":{"value":1,"limit":400},"timingprofile":["100.00% 2089.974 1 -total"," 58.24% 1217.118 1 Template:Reflist"," 31.91% 667.007 111 Template:Cite_web"," 12.79% 267.230 20 Template:Annotated_link"," 10.24% 213.993 37 Template:Cite_news"," 5.09% 106.370 1 Template:Short_description"," 4.37% 91.403 2 Template:Cite_conference"," 3.93% 82.205 3 Template:Navbox"," 3.71% 77.458 1 Template:Information_security"," 3.63% 75.852 6 Template:Fix"]},"scribunto":{"limitreport-timeusage":{"value":"1.432","limit":"10.000"},"limitreport-memusage":{"value":21721711,"limit":52428800},"limitreport-profile":[["dataWrapper \u003Cmw.lua:672\u003E","320","21.6"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::callParserFunction","200","13.5"],["?","160","10.8"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::getExpandedArgument","120","8.1"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::gsub","80","5.4"],["\u003Cmw.lua:694\u003E","60","4.1"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::getAllExpandedArguments","60","4.1"],["type","60","4.1"],["select_one \u003CModule:Citation/CS1/Utilities:429\u003E","40","2.7"],["(for generator)","40","2.7"],["[others]","340","23.0"]]},"cachereport":{"origin":"mw-api-int.codfw.main-8b564fbf4-m26cn","timestamp":"20250212151402","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Ransomware","url":"https:\/\/en.wikipedia.org\/wiki\/Ransomware","sameAs":"http:\/\/www.wikidata.org\/entity\/Q926331","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q926331","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2005-05-18T21:36:13Z","dateModified":"2025-02-12T15:13:50Z","headline":"program that locks files until a sum of money is paid"}</script> </body> </html>