Ransomware: How to Earn $33,000 Daily

November 8, 2012

SOURCE: Symantec

Ransomware is a type of malicious software that disables the functionality of a computer in some way and demands a ransom in order to restore the computer to its original state. Recent variants use law enforcement imagery to add legitimacy to the warning messages. The malware uses geo-location services to determine the location of the computer it is running on and then, after locking the computer, displays a message appropriate to that country. The message usually claims that the user has broken the law by browsing some illegal material. Figure 1 is an example of a ransomware variant that displays a message claiming to be from the FBI.

Figure 1. An example of a ransomware message

The message states that in order to unlock the computer, “a fine” must be paid using one of several prepaid electronic money schemes. The fines can range from €50 to €100 in Europe, and up to $200 in the US.

Ransomware has been in existence since 2009 and initially targeted users in Russia and Eastern Europe. It has since become a global problem, spreading first throughout Europe and, in more recent months, targeting users in North America. At least 16 different versions of ransomware have been identified over the past year and a half. Each version is not an ‘upgrade’ from a previous version, but rather a unique variant, associated with a separate gang. These gangs have independently developed, or bought, their own different version of ransomware. The gangs are not new to cybercrime; they have been associated with other threats and scams in the past such as banking Trojans and rogue antivirus programs. Ransomware has now become a more lucrative enterprise for them.

The operations are highly profitable, with as many as 2.9 percent of compromised users paying out. An investigation into one of the smaller players in this scam identified 68,000 compromised computers in just one month, which could have resulted in a fraudster obtaining up to $400,000. A larger gang, using malware called Reveton (Trojan.Ransomlock.G), was detected attempting to infect 500,000 computers over a period of 18 days. Given the number of different gangs operating ransomware scams, a conservative estimate is that over five million dollars a year is being extorted from victims. The real number is, however, likely to be much higher.

For details on our investigation into these multiple ransomware variants, please see our whitepaper.

For those affected by these scams—DO NOT PAY THE RANSOM. Instead, follow the removal steps outlined here or check out this video for further instructions.
