Ransomware: The New Dangerous -- and Highly Offensive -- Computer Scam to Watch Out For
Ransomware is one of the most malicious computer scams out
there, and while the number of those affected is still small,
cases appear to be on the rise, according to FBI spokesman
Unlike many computer scams, which may harm your computer,
harm its files, or entice you to give out personal information,
ransomware's power lies in extortion. In this scheme, thieves
hijack your computer files, encrypt them into a form that
cannot be read by humans, then demand a ransom in exchange
for the code to make your files readable again.
If a ransomware program infects your computer, hackers
may demand from $10 to hundreds of dollars for the safe
return of your files.
Ransoms of $10 to Hundreds of Dollars
The criminals behind ransomware have demanded anywhere from
$10 to several hundreds of dollars for their antidote codes,
payable with online currency like Webmoney or eGold, or even
by wiring via Western Union.
There are a couple of variations of this scheme to watch
The traditional scheme in which all of your computer
files suddenly become unreadable. Only one, perhaps named
"Important" can be read, and it will contain
the thieves' directions for you to e-mail them for the
decryption code. Upon your e-mail, a ransom note will
Ransom.A, in which the culprits say they will delete
one of your computer files every 30 minutes until the
ransom is paid. The program may also pop up pornographic
images on your computer in order to embarrass you into
complying more quickly. This is a hoax, however, as the
program doesn't have the power to delete anything, but
most people don't want to take the chance.
Trojan.Archiveus, a program that requires a password
to be entered in order for you to read your files. The
thieves ask for a ransom to get the password, and may
require you to make purchases from an online pharmacy
rather than make a payment.
SophosLabs, a company that protects businesses from viruses,
spam, phishing, spyware and other malware, has reportedly
found the password for this scam.
"The password is deliberately long and complicated in
an attempt by the hackers to avoid people easily cracking
it. Experts at Sophos have disassembled the Arhiveus Trojan
and determined that the password is mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw,"
said Graham Cluley, senior technology consultant for SophosLabs.
"So there should be no reason for anyone hit by this
ransomware attack to have to make any payments to the criminals
Ransomware Has its Risks to Hackers
"Of all the ways a hacker could choose to do damage,
ransomware is a fairly high-risk operation," says Gary
Morse, president of Razorpoint Security Technologies. "There
are at least four or five points of contact necessary to pull
this off," he says.
The hackers first have to break into your system, then implant
a code, let the computer's owner know how to leave a ransom
and then wait for the ransom.
"If one wants to earn a living through hacking, there
are safer ways," Morse continues.
No special programs are necessary to protect your computer
from ransomware. Typical anti-virus software, firewalls,
pop-up blockers, operating system patches and being
careful about what you download should suffice.
Nonetheless, experts say future ransomware attacks could
become more sophisticated and therefore more dangerous.
How to Avoid a Ransomware Attack
"Internet hackers are getting bolder in their attempts
to steal money from innocent Web users. Once your valuable
data is locked away you may be tempted to pay up to rescue
your files, but this will only encourage more blackmail attempts
in the future. Companies who have made regular backups may
be able to recover easily, but less diligent home users may
feel forced to cough up the cash," Cluley said.
Although a ransomware scam can occur via e-mail attachment
or computer network, most have been browser-based, meaning
that a person was infected after visiting a Web site that
had been hacked. So stay away from the "shadier"
websites out there!
So what else can you do to protect yourself from a ransomware
"Today, most of the viruses and Trojan horses we see
are being written with the intention of making money and we
wouldn't be surprised to see much more ransomware being written
in the future. Attacks are becoming more organized and more
malicious, and every computer needs to be properly defended
with up-to-date anti-virus software, firewalls and operating
system patches," Cluley said.
You may also want to use a pop-up blocker, as ransomware
can be delivered via pop-ups, and be wary of downloading any
software (games, screensavers, etc.) that you aren't sure
As it stands, ransomware attacks seem to be restricted to
PC computers. Mac users have so far been unaffected.
Scams: How I Deceive the Heck Out of You with Consumer Rebate
Get Caught by Phishing Scams on the Internet!
Files for Ransom
June 1, 2006
Post: Security Fix