Ransomware is malicious software that prevents users from accessing their files until the victim pays a ransom in exchange for the decryption keys. Like a trojan or virus, ransomware spreads through email and other channels, including vulnerabilities found on the target device. Once it has infected a machine, ransomware encrypts the user's data and demands a varying ransom payment, mostly in cryptocurrency, in exchange for the 'key' to decrypt it. Even though the physical location of the files remains unchanged, the data cannot be accessed without decrypting the files. The ransom demand often adds a warning that the amount will rise periodically, and these threatening messages have been translated into 28 different languages.

The first documented ransomware attack targeted the healthcare industry in 1989 and was called AIDS or PC-CYBORG. After infecting a PC, this malicious software remained dormant until the machine had been power-cycled 90 times. It then displayed an extortion message demanding a ransom payment for a software lease. The malware used symmetric cryptography written by the developer, which fortunately was easy to decrypt. After this, ransomware attacks became an uncommon cyber threat.

Starting in 2005, ransomware began to gain ground as a form of cyber attack and came to be recognised as a threat to international users. Over the last 11 years, ransomware attacks have even outnumbered data-breach attacks. Many variants earned name recognition for the destructive power they possessed, with sophisticated encryption and computing power as their main enablers. Over these 11 years the attacks have been consistent enough to be classified into two types: crypto and locker.

Crypto-type ransomware blocks access to users' files by encrypting them. It uses advanced development techniques (crypters) together with offline encryption methods (e.g., Microsoft's CryptoAPI) to make reverse engineering extremely difficult. Using offline encryption eliminates the need for command-and-control communication to generate the encryption key.

Locker ransomware locks the victim's device and displays a message claiming to be from law enforcement. The message states that the user has taken part in illegal activity and that, to regain access, the victim must pay a 'fine' as the ransom payment. Recent versions of locker ransomware even have password-stealing capabilities. Paying the ransom will never stop future attacks.

Attackers take advantage of our digitised memories and financial information as pressure points, testing our willingness to pay in anonymous cryptocurrencies (e.g., Bitcoin), which lets the perpetrator collect the payment in a virtually untraceable way. In 2015 there were an estimated 3.8 million ransomware attacks, up 19% from the 3.2 million attacks in 2014. The most prominent jump, however, came in 2016, with 638 million attacks, 167 times the 2015 figure. This number is believed to keep growing from 2017 onward with the arrival of ransomware-as-a-service. It is now easier than ever for cyber criminals to launch an attack: they need only subscribe to such a service and agree to hand over a 30% commission on all ransom payments received.

The continued growth of ransomware variants makes it nearly impossible to anticipate every attack, but organisations can still take action. Never pay the ransom demand! The most critical point is end-user education about phishing, drive-by downloads and malware. Ransomware is an ever-evolving threat that requires a combination of process controls and company-wide engagement; this knowledge helps raise awareness and thereby builds a better-protected environment. Ensure that all anti-virus, operating and security systems are patched and updated to the latest release. Review whether the files that could be encrypted are critical to the business. An adequate backup-and-restore strategy helps enormously during a ransomware attack, so keep reviewing it on a regular basis.

There are many simple things we can do to avoid ransomware. Stay alert and always stick to your backup routine.