Special Issue on Ransomware

Ransomware: How to protect yourself – Internet ScamBusters #182

Internet ScamBusters™
The #1 Publication on Internet Fraud

By Audri and Jim Lanford
Copyright © Audri and Jim Lanford
All rights reserved.
Issue #182


Today we have a Special Issue for you dedicated entirely to "Ransomware."
We’ll tell you what ransomware is, how it works, the common variants, and most
importantly, how to protect yourself.

This is a very important topic — we predict that ransomware will be on our Top
10 List of Internet Scams for 2007.

On to our Special Issue about ransomware…

Ransomware: How to Protect Yourself

Let’s start with: what is ransomware?

Just like thieves kidnap people and then demand a ransom to return them unharmed,
ransomware is an extortion scheme whereby thieves hijack the victim’s computer
files and then demand a ransom so the victim can have them back in their original

More specifically, malicious code is used to seize control of the victim’s computer
and hijack the computer files, and the files are then encrypted by this malicious
code. So, all of a sudden, a user’s computer files are in a format that is not
readable by humans!

This can be very disconcerting, to say the least.

The scammer then demands payment in exchange for the decryption key.

The amount of ransom can vary quite dramatically. Scammers who ask for small ransoms
of $10 have generally been much more successful than thieves who ask for several
hundred dollars.

Payment is often demanded through some type of online currency, such as Webmoney
or eGold, although wiring money via Western Union is not uncommon.

Ransom.A is one program that claims it will destroy one computer file every 30
minutes until the victim pays the ransom. (In this case, however, Ransom.A doesn’t
actually delete or encrypt anything — it’s a hoax. Nonetheless, it’s probably
a very effective hoax.) ;-)

Another ransomware program, Trojan.Archiveus, is a Trojan horse that password
protects files and then asks the user to pay the ransom to get a password that
unlocks the files. In this case, the virus writer made the critical error of placing
the password in the code.

According to Symantec, the password is: mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw
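
Why placing the password in the code is a critical error, shown as an added example (not code from Symantec or from this newsletter): any readable text stored inside a program file can be listed by whoever holds a copy of that file. The sample bytes, the placeholder password and the function names below are all constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed stand-in for a program file: binary bytes with readable text
# embedded in it. The password is a made-up placeholder, not a real one.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"This program cannot be run in DOS mode.\x00\x00"
    b"\x8b\xff\x55\x8b\xec\x00"
    b"Enter password to unlock your files:\x00"
    b"\x01\x02\xfe"
    b"EXAMPLEpw0rd7q2x9PLACEHOLDERz41k\x00"
    b"\xc3\x90\x90kernel32.dll\x00"
)

def printable_strings(data, min_len=6):
    """Return runs of printable ASCII at least min_len long (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def entropy(text):
    """Shannon entropy in bits per character; random-looking text scores high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def password_candidates(data, min_len=16):
    """Long single tokens mixing letters and digits, most random-looking first."""
    hits = []
    for s in printable_strings(data):
        mixed = s.isalnum() and not s.isalpha() and not s.isdigit()
        if len(s) >= min_len and mixed:
            hits.append((round(entropy(s), 2), s))
    return [s for _, s in sorted(hits, reverse=True)]

if __name__ == "__main__":
    for candidate in password_candidates(SAMPLE):
        print(candidate)
```

The ordinary messages and file names in the sample are filtered out, leaving only the embedded secret as a candidate.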


Recently, security experts have discovered a new ransomware variant in which the
scammer demands that the victim purchase a specific amount of pharmaceutical drugs
from a Russian online pharmacy to meet the ransom demand.

Ransomware programs also may try to embarrass victims to get them to comply quickly,
using tactics like displaying adult images.

Ransomware is currently a PC (and not a Mac) problem.

Ransomware attacks can occur via email attachments or direct access to a computer
network; however, most ransomware attacks are browser-based.

For example, the Web-filtering software company Websense described one ransomware
case in which someone visited a website that was hacked. A Trojan horse entered
the victim’s network and was able to search all of the system directories and
mapped drives. After the program encrypted the files and left a ransom note, it
deleted itself.

Until now, cases of ransomware have been quite rare, but they are increasing at
a very fast clip right now. That’s why we wanted to alert you to this threat now.

A related threat, which is currently more common than ransomware, is for a hacker
to break into a company computer system to prove he can do it, and then demand
payment for not attacking the system.

Security experts say that some gaming sites have experienced this threat and have
paid up to tens of thousands of dollars to avoid the attacks.

How to protect yourself from ransomware: The good news is you don’t need special
ransomware products to protect yourself or your computer network from ransomware.

Rather, the same methods of protecting yourself that we’ve been recommending for
your general computer security apply: use firewalls and up-to-date anti-virus and
anti-spyware software, and keep your browser, system software and other software
up-to-date with the latest patches.

Further, we recommend you use a pop-up blocker if you don’t already. A lot of
ransomware is delivered via pop-ups. And of course, be very careful about downloading
software — games, screensavers, etc. can include ransomware.

Last but certainly not least, it is vital to back up not only your personal computer
files very regularly, but your system files as well.

You can read more about ransomware (and PC backup suggestions) from Brian Krebs
on the Washington Post blog:


Time for us to take a walk through the mountains! We’ll see you next week.