Ransomware and organisational blackmail are making a resurgence. They are an easy and quick way for criminals to generate cash from malware infections. Ransomware demands a cash payment from the victim in order to restore their PC or mobile phone to good working order. The extortion is carried out by modern highwaymen holding travellers to ransom on the internet highway.
In a form known as “Police Ransomware”, victims are informed that the authorities have locked their PC because they have supposedly contravened laws, for example by allowing the PC to be used to propagate child pornography. Victims are told they need to pay a fine to have their PC unlocked. The Reveton malware is an example: it was tailored to the country of the victim. In the US it purports to come from the FBI, in the UK from the Metropolitan Police, and in Germany from the Federal Police, the Bundesamt für Polizei.
The time period between a successful malware infection and receiving cash is shorter for ransomware than for identity theft, leading to the resurgence in popularity for this form of attack. Even though some victims realise it is a scam, they still pay the ransom in the belief that their system will be restored. Victims are unaware that even if the ransom money is paid, the malware will remain on their system, and could be activated later for another ransomware attack, or for identity theft.
Some ransomware attacks modify the master boot record to lock the user out of the PC; others threaten to wipe the hard drive unless payment is made. Another form of the attack is to encrypt data or software files and demand payment for the decryption key. A PC can be infected by ransomware through a drive-by download, or by opening an infected HTML email.
Symantec estimate that almost 3% of victims pay the ransom. The criminal gang is able to collect the cash through electronic money services such as MoneyPak in the US or Ukash in Europe.
Organisations can also become victims of ransomware attacks – a form of organisational blackmail. This type of attack could be directed at small, medium and large organisations. In 2012, a medical centre in Australia was the victim of ransomware, and was ordered to pay $4000 for the decryption key to its patient records.
Organisations need to ensure they have up-to-date, off-site data backups in order to recover quickly from this attack.
Extortion that accompanies ransomware could form part of a hacktivist strategy, by groups such as Anonymous or criminal gangs masquerading as Anonymous.
On a positive note, botnet commanders are unlikely to be very keen on ransomware as it exposes the bot – a ransomware attack makes many users aware that their system is infected.
On mobile, SMS fraud is currently the weapon of preference for cyber attacks, as it is easy for the criminal to earn cash from the malware infection. However, this could change, and ransomware could become more prevalent on mobile.