Tuesday, November 13, 2012

Ransomware Rising

It's bad when your computer becomes sluggish because some botmaster in Moldova has installed malware on it that turns it into a zombie sending spam to everyone you've ever emailed. It's worse when your computer crashes because the hackers are more interested in the cyber equivalent of vandalism than in "borrowing" your unused computing capacity. The worst, though, may be having your computer lock up and display a message indicating that the hackers will unlock it after you send them money--in other words, online extortion using what is called "ransomware."

The computer security firm Symantec reports that ransomware is spreading and that cyber criminals are finding new and better ways to profit from it. What began about six years ago as a scam targeting computer users in Russia and Eastern Europe has become more sophisticated and has spread to Western Europe and North America.

The malware works like this: A computer user clicks on an infected site--perhaps an ad--that appears legitimate but actually redirects the browser to a hidden website that downloads malware to the user's computer. When the malicious file runs, it locks up the infected computer by preventing essential programs from executing. It then displays a message on the computer's screen demanding that the user pay a "fine," often by using a prepaid electronic payment system or calling a pay-per-call phone number. In some versions, the displayed message is superimposed on a pornographic image and indicates that the "fine" is for having browsed illegal websites. In other versions, the displayed message appears to be from the FBI or another law enforcement agency; it also includes a message alleging illegal activities.

Symantec estimates that up to 3 percent of victims have paid the "fines" of $200 or more, resulting in a haul for cyber criminals of at least $5 million. Payment, incidentally, does not unlock the computer as promised. It is still necessary to remove the malware by running anti-virus software.

For more on ransomware, see this story in ComputerWorld or this CNET story. (Or watch this three-minute video from Symantec.) And for more on protecting your computer, just make sure your anti-virus software is up to date.