Harm:

Ransomware

Definition: Malware which holds a user's data as a hostage until a ransom is paid.
Motivation: Financial
Legal Status: Almost always illegal
Platform ToS: Violates Policy
Victim Visibility: Aware
Classification: Contextually Sensitive
TSPA Abuse Type: Scaled Abuse: Malware

Ransomware is a form of malware that infiltrates computer systems and encrypts the system's data, making it inaccessible to its users. The perpetrators then demand a ransom, typically in cryptocurrency, in exchange for the decryption key to restore the locked data. The consequences can be devastating, resulting in financial loss, operational disruption, reputation damage, and exposure of sensitive information.

Ransomware is a large industry, with informal groups specializing in different elements of the crime. Some organizations only build the malware that gains access to the system; others focus on building the user interface that helps victims figure out how to quickly and easily pay their ransoms; still other folks compile lists of potential victims; and still others bring all of this together to deploy these tools against those victims at scale. Most ransomware is initiated from countries with some degree of state sanction for the malware, so long as it only harms people outside of its borders. It is an industry that is highly technically sophisticated, constantly innovating, and strongly motivated.

Online platforms facilitate the proliferation of ransomware in the same ways that they assist the distribution of other forms of malware, namely by giving users the ability to share files and links with one another. However, online platforms are also frequently the mechanisms by which ransomers will release data if they are not paid.

While preventing a ransomer from using a platform to release data is not possible, one basic step can make it much less likely: don't allow anonymous uploads, or don't allow public file access. Account creation tends to tie a ton of data back to the person who created it, so if a ransomer is considering releasing data via a platform, they're much less likely to do so if they cannot release it anonymously. And since the threat behind ransomware is the public disclosure of information, if a platform doesn't support public file sharing, the risk is reduced significantly.

What features facilitate Ransomware?

File/Link Sharing
The capacity of one user to publish or share files or links with other users.

How can platform design prevent Ransomware?

Perform basic link vetting
Run basic validation on the contents that something links to before showing the link to the user.
Two-Factor Authentication
Authenticating users through two types of credentials (something you have, something you know, something you are). Stolen credentials are still the most common way for attackers to gain access to a system.
Anonymous Limitations
Require users to create an account before they can use features that create data or interact with others.
Label/Detect Identical Content
For some features, duplicate data suggests misuse.
Warn Before Risky Action
Use signals about affinity and content to occasionally warn the user about what they're about to see/download/visit.
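
The sketch below is an added example, not code from this page or from any platform. It shows an upload gate that combines three of the interventions above: Anonymous Limitations, disabled public file access, and Label/Detect Identical Content. The class name, the decision strings, and the threshold of three accounts are assumptions.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class UploadGate:
    """Decides whether an upload is allowed, denied, or flagged for review."""
    allow_public_files: bool = False   # assumed default: no public file access
    duplicate_threshold: int = 3       # assumed: distinct accounts before flagging
    # SHA-256 digest -> set of account ids that uploaded byte-identical content
    seen: dict = field(default_factory=lambda: defaultdict(set))

    def check(self, account_id, visibility, content: bytes):
        """Return (decision, reason). decision is 'deny', 'flag' or 'allow'."""
        # Anonymous Limitations: creating data requires an account.
        if account_id is None:
            return "deny", "anonymous upload: an account is required"
        # Public disclosure is the ransomer's leverage, so refuse it outright.
        if visibility == "public" and not self.allow_public_files:
            return "deny", "public file access is disabled"
        # Identical content: count distinct accounts per digest, so one user
        # re-uploading their own file never trips the threshold.
        digest = hashlib.sha256(content).hexdigest()
        uploaders = self.seen[digest]
        uploaders.add(account_id)
        if len(uploaders) >= self.duplicate_threshold:
            return "flag", f"identical content from {len(uploaders)} accounts"
        return "allow", "ok"


def demo():
    """Run constructed sample requests through the gate; return the decisions."""
    gate = UploadGate()
    requests = [  # constructed sample data: (account_id, visibility, content)
        (None, "private", b"archive-bytes"),
        ("acct-1", "public", b"archive-bytes"),
        ("acct-1", "private", b"archive-bytes"),
        ("acct-1", "private", b"archive-bytes"),
        ("acct-2", "private", b"archive-bytes"),
        ("acct-3", "private", b"archive-bytes"),
    ]
    return [gate.check(*request)[0] for request in requests]


if __name__ == "__main__":
    print(demo())
```

Denied uploads are not recorded in the duplicate index, so rejected anonymous attempts cannot inflate the count for a legitimate file.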