Special Issue on Ransomware

Ransomware: How to protect yourself – Internet ScamBusters #182


Today we have a Special Issue for you dedicated entirely to “Ransomware.” We’ll tell you what ransomware is, how it works, the common variants, and most importantly, how to protect yourself.

This is a very important topic — we predict that ransomware will be on our Top 10 List of Internet Scams for 2007.



Ransomware: How to Protect Yourself


Let’s start with: what is ransomware?

Just like thieves kidnap people and then demand a ransom to return them unharmed, ransomware is an extortion scheme whereby thieves hijack the victim’s computer files and then demand a ransom so the victim can have them back in their original condition.

More specifically, malicious code is used to seize control of the victim’s computer and hijack the computer files, and the files are then encrypted by this malicious code. So, all of a sudden, a user’s computer files are in a format that is not readable by humans!

This can be very disconcerting, to say the least.

The scammer then demands payment in exchange for the decryption key.

The amount of ransom can vary quite dramatically. Scammers who ask for small ransoms of $10 have generally been much more successful than thieves who ask for several hundred dollars.

Payment is often demanded through some type of online currency, such as Webmoney or eGold, although wiring money via Western Union is not uncommon.

Ransom.A is one program that claims it will destroy one computer file every 30 minutes until the victim pays the ransom. (In this case, however, Ransom.A doesn’t actually delete or encrypt anything — it’s a hoax. Nonetheless, it’s probably a very effective hoax.) ;-)

Another ransomware program, Trojan.Archiveus, is a Trojan horse that password protects files and then asks the user to pay the ransom to get a password that unlocks the files. In this case, the virus writer made the critical error of placing the password in the code.

According to Symantec, the password is: mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw

http://www.symantec.com/avcenter/venc/data/trojan.archiveus.html

Recently, security experts have discovered a new ransomware variant in which the scammer demands that the victim purchase a specific amount of pharmaceutical drugs from a Russian online pharmacy to meet the ransom demand.

Ransomware programs also may try to embarrass victims to get them to comply quickly, using tactics like displaying adult images.

Ransomware is currently a PC (and not a Mac) problem.

Ransomware attacks can occur via email attachments or direct access to a computer network; however, most ransomware attacks are browser-based.

For example, the Web-filtering software company Websense described one ransomware case in which someone visited a website that was hacked. A Trojan horse entered the victim’s network and was able to search all of the system directories and mapped drives. After the program encrypted the files and left a ransom note, it deleted itself.

Until now, cases of ransomware have been quite rare, but they are increasing at a very fast clip right now. That’s why we wanted to alert you to this threat now.

A related threat, which is currently more common than ransomware, is for a hacker to break into a company computer system to prove he can do it, and then demand payment for not attacking the system.

Security experts say that some gaming sites have experienced this threat and have paid up to tens of thousands of dollars to avoid the attacks.

How to protect yourself from ransomware: The good news is you don’t need special ransomware products to protect yourself or your computer network from ransomware.

Rather, the same methods we’ve been recommending for your general computer security apply: use firewalls and up-to-date anti-virus and anti-spyware software, and keep your browser, system software and other software up-to-date with the latest patches.

Further, we recommend you use a pop-up blocker if you don’t already. A lot of ransomware is delivered via pop-ups. And of course, be very careful about downloading software — games, screensavers, etc. can include ransomware.

Last but certainly not least, it is vital to back up not only your personal computer files very regularly, but your system files as well.

You can read more about ransomware (and PC backup suggestions) from Brian Krebs on the Washington Post blog:

http://blog.washingtonpost.com/securityfix/2006/05/ransomware_rising_1.html

Time for us to take a walk through the mountains! We’ll see you next week.