1. Malware that holds the victim’s device (computer, phone, etc.) and data for ransom, by means of encrypting the files on the device or preventing access to the device. Election office computers should maintain high levels of cyber hygiene, including up-to-date antimalware systems and adherence to best practices regarding managing browser and email client activities.

Source: Information Technology Terminology, U.S. Election Assistance Commission, https://www.eac.gov/documents/2017/09/21/information-technology-terminology-security; The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf

2. Ransomware is a type of malicious computer program that encrypts files on a victim’s computer so that the computer’s owner cannot access them. The ransomware then holds the files hostage until the owner pays a ransom (generally by using a crypto-currency like Bitcoin, to limit the ability of the computer owner to identify the persons responsible). If the ransom is paid, the files are decrypted and the victim is able to use them again. If the ransomware is not paid within a certain amount of time, the ransomware deletes the encryption key and the files are generally permanently lost.

Source: Election Cybersecurity 101 Field Guide – Glossary, Center for Democracy & Technology, https://cdt.org/insight/election-cybersecurity-101-field-guide-glossary/

3. Malware installed on a victim’s device that mounts either an extortion attack that holds the victim’s data hostage or threatens to publish the victim’s data until a ransom is paid.

Source: U.S. Cyberspace Solarium Commission, March 2020, https://subscriber.politicopro.com/f/?id=00000170-c638-d8f7-a7f1-f63b33510000

4. A form of malware used to extort money from the owners of infected computers. Typically, the perpetrator encrypts or deletes data on an infected computer and provides the code needed to recuperate the data only after a ransom has been paid.

Source: Information Assurance Situation in Switzerland and Internationally, Reporting and Analysis Centre for Information Assurance MELANI, https://www.newsd.admin.ch/newsd/message/attachments/11945.pdf