In wake of an attack on computers at Colorado ’ s DOT , experts at Webroot shed light on ransomware Last month , employees at the Colorado Department of Transportation were greeted by a message on their computer screens similar to this : “ All your files are encrypted with RSA-2048 encryption . … It ’ s not possible to recover your files without private key . … You must send Attack.Ransom us 0.7 BitCoin for each affected PC or 3 BitCoins to receive ALL Private Keys for ALL affected PC ’ s. ” CDOT isn ’ t paying Attack.Ransom , but others have . In fact , so-called ransomware has become one of the most lucrative criminal enterprises in the U.S. and internationally , with the FBI estimating total payments Attack.Ransom are nearing $ 1 billion . Hackers use ransomware to encrypt computer files , making them unreadable without a secret key , and then demand digital currency Attack.Ransom like bitcoin if victims want the files back — and many victims are falling for that promise . To better understand how ransomware works and how it has spread so effectively , The Denver Post talked with Broomfield anti-malware company Webroot , which got its start in the late 1990s cleansing computer viruses from personal computers . “ The end goal is just to put ransomware on the computer because right now the most successful way for cybercriminals to make money is with ransoming Attack.Ransom your files , ” said Tyler Moffitt , a senior threat research analyst at Webroot . Ransomware infects more than 100,000 computers around the world every day and payments Attack.Ransom are approaching $ 1 billion , said U.S. Deputy Attorney General Rod J. Rosenstein during the October 2017 Cambridge Cyber Summit , citing FBI statistics . A study by researchers at Google , Chainalysis , University of California San Diego and NYU Tandon School of Engineering estimated that from 2016 to mid 2017 , victims paid Attack.Ransom $ 25 million in ransom Attack.Ransom to get files back . And one out of five businesses that do pay the ransom Attack.Ransom don ’ t get their data back , according to 2016 report by Kaspersky Labs . It ’ s a growing business for cybercriminals . And whether to pay or not is something each user or company must decide . Last spring , the Erie County Medical Center in New York was attacked Attack.Ransom by SamSam due to a misconfigured web server , according to The Buffalo News . Because it had backed up its files , the hospital decided not to pay Attack.Ransom the estimated $ 44,000 ransom Attack.Ransom . It took six weeks to get back to normal at a recovery cost of nearly $ 10 million . More recently in January , the new SamSam variant sneaked Attack.Ransom into Indiana hospital Hancock Health , which decided to pay Attack.Ransom 4 bitcoin , or about $ 55,000 , in ransom Attack.Ransom . Attackers gained entry by using a vendor ’ s username and password on a Thursday night . The hospital was back online by Monday morning . Other times , malware isn ’ t so obvious . Some propagate when user visits infected websites . A trojan named Poweliks injected bad code into vulnerable programs , like an unpatched Internet Explorer . Poweliks crept into the Windows registry to force the computer to do all sorts of nasty things , from demanding a ransom Attack.Ransom to joining a click-fraud bot network to click ads without the user even realizing it . There also are booby-trapped ads , known as malvertising . They get into computers by , again , targeting flawed software and injecting malicious code . This has targeted programs like unpatched Adobe Flash Player , Java or other runtime software , or software that runs online all the time .