is malicious software
, usually delivered as a trojan
attachment via an e-mail
, that automatically encrypts files on an infected computer. The owner of the computer is then informed that their files can only be accessed again with a decryption code that the programmer of the ransomware will provide, for a price.
One example is Trojan.Gpcoder, a 56k trojan horse which is loaded onto a platform thanks to the Internet Explorer vulnerability MS04-023. It then searches for files with various extensions (including word documents, photos, databases, Zip files and spreadsheets) and encodes them. The original files are deleted, and the user is sent a message through a pop up stating how their files can be recovered. Trojan.Gpcoder is also known as Virus.Win32.Gpcode.b, PGPcoder and TROJ_PGPCODER.A, and has been identified by the software security providers Kaspersky Lab, McAfee and Trend Micro.
Incidents of ransomware are relatively few. In one instance a criminal group possibly originating from Eastern Europe were extorting $200 payments from their victims.