Ransomware: How to Earn $33,000 Daily

November 8, 2012

SOURCE: Symantec

Ransomware is a type of malicious software that disables the functionality of a computer in some way and demands a ransom in order to restore the computer to its original state. Recent variants use law enforcement imagery to add legitimacy to the warning messages. The malware uses geo-location services to determine the location of the computer it is running on and then, after locking the computer, displays a message appropriate to that country. The message usually claims that the user has broken the law by browsing some illegal material. Figure 1 is an example of a ransomware variant that displays a message claiming to be from the FBI.


Figure 1. An example of a ransomware message

The message states that in order to unlock the computer, “a fine” must be paid using one of several prepaid electronic money schemes. The fines can range from €50 to €100 in Europe, and up to $200 in the US.

Ransomware has been in existence since 2009 and initially targeted users in Russia and Eastern Europe. It has since become a global problem, spreading first throughout Europe and, in more recent months, targeting users in North America. At least 16 different versions of ransomware have been identified over the past year and a half. Each version is not an ‘upgrade’ from a previous version, but rather a unique variant, associated with a separate gang. These gangs have independently developed, or bought, their own different version of ransomware. The gangs are not new to cybercrime; they have been associated with other threats and scams in the past such as banking Trojans and rogue antivirus programs. Ransomware has now become a more lucrative enterprise for them.

The operations are highly profitable, with as many as 2.9 percent of compromised users paying out. An investigation into one of the smaller players in this scam identified 68,000 compromised computers in just one month, which could have resulted in a fraudster obtaining up to $400,000. A larger gang, using malware called Reveton (Trojan.Ransomlock.G), was detected attempting to infect 500,000 computers over a period of 18 days. Given the number of different gangs operating ransomware scams, a conservative estimate is that over five million dollars a year is being extorted from victims. The real number is, however, likely to be much higher.

For details on our investigation into these multiple ransomware variants, please see our whitepaper.


For those affected by these scams—DO NOT PAY THE RANSOM. Instead, follow the removal steps outlined here or check out this video for further instructions.
