Beware of Ransomware

Ransomware is the latest Internet security threat to pose a risk to the general public. It is Internet-delivered malware that disables a user’s personal computer through a series of announcements saying that the computer is infected with a virus or that the user has illegally downloaded content, and that demands a payment to fix it. The malware takes over most if not all aspects of the computer, and the user is unable to do anything until the malware issue is resolved.

That resolution is often some form of “ransom” payment that can be made with a credit card. Unfortunately, the payment is a con – it usually doesn’t resolve anything and just gives your credit card number to online thieves and hackers. Ransomware usually has to be removed by a trusted source for computer repair and virus removal. The con is run by a growing number of gangs of cybercriminals, and unfortunately, it’s becoming quite lucrative.

Originally affecting computer users in Russia and Eastern Europe in 2009, ransomware variants have since spread across Europe and are now turning up in North America, according to Symantec, which has published a “General Trojan Ransomlock Removal” process on its website.

The IT and Internet security provider has also uploaded an instructional “Remove FBI Moneypak” video on YouTube for those afflicted by this U.S. ransomware variant.

Recent ransomware variants use “law-enforcement imagery” in an attempt to legitimize their cybercrimes, installing malware and making use of geolocation services to locate a computer and present a message screen custom designed for the country in which the computer is located.

“The message usually claims that the user has broken the law by browsing some illegal material,” Symantec explains in a press release. One making the rounds in the U.S. claims to be issued by the FBI. The ransomware message requests that victims pay a fine that’s been found to range from 50-100 euros in Europe and up to $200 in the U.S.

“At least 16 different versions of ransomware have been identified over the past year and a half,” Symantec continues. “Each version is not an ‘upgrade’ from a previous version, but rather a unique variant, associated with a separate gang.

“These gangs have independently developed, or bought, their own different version of ransomware. The gangs are not new to cybercrime; they have been associated with other threats and scams in the past such as banking Trojans and rogue antivirus programs. Ransomware has now become a more lucrative enterprise for them.”

Ransomware is highly profitable, with as many as 2.9% of victims paying the ransom, Symantec has found. In investigating one of the “smaller players in this scam,” it identified 68,000 compromised computers in just one month, “which could have resulted in a fraudster obtaining up to $400,000.”

A larger cybercrime gang, using malware called Reveton (Trojan.Ransomlock.G), was detected attempting to infect 500,000 computers over 18 days. “A conservative estimate is that over 5 million dollars a year is being extorted from victims. The real number is, however, likely to be much higher,” according to Symantec, which has published a whitepaper on its investigation into multiple ransomware variants.
