To protect your computer, your identity, your privacy and your files, you’ve had to learn to defend against spam, scams, worms, Trojans, other malware, fake anti-virus schemes and bots.
Now there’s a new threat to protect against. Called ransomware, this malware takes over your computer and blocks you from accessing your computer or some of your files. Some ransomware encrypts your files, documents, pictures, etc., and so this malware type may also be called a cryptovirus, cryptotrojan or cryptoworm. In either form, users of infected devices are told to pay the ransom or lose their files and control of their computer.
Ransomware first surfaced in Eastern Europe in 2009, and it spread across Europe. Over the course of 2012, hundreds of thousands of people across the world have sat down at their computers and discovered a ransom message. Security experts say they’ve counted over 16 sophisticated criminal cyber-gangs extorting millions from victims across Europe.
Cybercriminals behind the ransomware attacks have now turned their attention to the U.S.
The ransom note may claim to be from the FBI or some other law enforcement agency and claim you’ve done something illegal on your machine (for example, claim you’ve downloaded images of child exploitation, participated in online gambling or visited piracy sites) and then demand payment, often called a ‘fine’, in amounts varying from $100 to $400. Rest assured, no legitimate law enforcement agency operates this way.
In other ransomware cases the criminals claim to be from other organizations like the hacker group Anonymous. Regardless of who the cybercriminals claim to be, the extortion is profitable.
According to an article in the New York Times, cybercriminals are making more than $5 million a year through this exploit. Security researchers estimate that about 3% of computer owners decide to pay the ransom, but this varies considerably by country. In some countries, the percentage of computer owners who pay is as high as 15%.
These gangs are smart. The NYT article says the “latest variants speak to victims through recorded audio messages that tell users that if they do not pay within 48 hours, they will face criminal charges. Some even show footage from a computer’s webcam to give the illusion that law enforcement is watching.” It adds that “the messages often demand that victims buy a preloaded debit card that can be purchased at a local drugstore — and enter the PIN. That way it’s impossible for victims to cancel the transaction once it becomes clear that criminals have no intention of unlocking their PC.”
Don’t pay the ransom! Few who pay ever regain control of their computer or have their files restored by the crooks. Instead, most infected users have to hire a computer security/technology company to manually remove the virus – and this usually means erasing everything on the computer hard drive, risking the loss of all their files, photos, etc.
While law enforcement and security companies are working to shut down these criminal gangs, the sheer scope of the problem combined with the need for interagency and cross-company coordination makes the task daunting, particularly as these criminals are sophisticated at covering their tracks and destroying digital evidence.
Highlighting the efforts of Charlie Hurel, an independent security researcher based in France, the NYT article outlined how he “was able to hack into one group’s computers to discover just how gullible their victims could be. On one day last month, the criminals’ accounting showed that they were able to infect 18,941 computers, 93 percent of all attempts. Of those who received a ransom message that day, 15 percent paid. In most cases, Mr. Hurel said, hackers demanded 100 euros, making their haul for one day’s work more than $400,000.”
Defend against ransomware
Ransomware is most frequently downloaded when users visit a malicious website, open a malicious email attachment, or click on a malicious link on a social networking site, website, or in an email or instant message. To protect yourself from ransomware, your best defenses are practicing the same 8 security measures you should always be applying when online:
If you don’t know whether your computer is infected, or just wonder if you’ve got the latest software versions installed, you can quickly find out, and it won’t cost you a thing.
Use Frontier Secure’s PC HealthCheck, the company’s free online tool, and it will tell you if your computer is protected and help you fix possible security issues. It checks whether your firewall, anti-virus, and anti-spyware software are turned on and up to date, whether your photographs, text documents, and other irreplaceable content are automatically backed up, and whether there are security updates available for the most widely used programs on your computer (such as the operating system, web browsers and media players).
If your computer does become infected with ransomware, and you do not know how to wipe your hard drive yourself, contact a computer professional to remove the malware from your computer.
Keep in mind that simply unblocking your computer is not the same as getting rid of the malware. Unless you completely clean your computer, the malware is almost guaranteed to remain on your device, where it can steal personal information such as your user names, passwords and credit card numbers through embedded keystroke logging programs, use your computer as a bot in the criminals’ botnet, send spam through your accounts, and so on.