Imagine this frightening scenario: You attempt to log on to your computer, but instead of seeing the normal login gateway meant for entering credentials, you see a black screen with the words “YOUR COMPUTER HAS BEEN LOCKED.”
Next to the words are an intimidating FBI window and a warning that your computer is under investigation for suspicious activity. In fact, your computer is not under investigation—it has been taken over by a popular form of malware known as ransomware—a virus that hijacks computers and prevents user access until payment information an access key is entered.
Common forms of ransomware:
- SMS Ransomware
- MBR Ransomware
- File Encryptors
Specifically, the type of ransomware involving falsified law enforcement scare tactics is referred to as Reveton, a Zeus Trojan spinoff that commonly targets users attempting to access nefarious information that commonly includes child pornography and software that is illegally downloaded online.
It is important to note that ransomware is not a new problem. Ransomware was first seen as far back as 1989, when the international cyber community was introduced to the PC Cyborg Trojan. This Trojan, which also went under the name Aids Info Disk (AIDS), rendered files based on a computer’s C:\ drive and charge a fee in order to make the computer accessible again. Ransomware has evolved with the times and is now, once again, a legitimate threat facing users everywhere.
While this type of malware is nothing new, what is new is the magnitude of which it can take a computer captive. While other forms of malware are notorious for wreaking mayhem on a network or computer, ransomware derives its name from the fact that once a computer becomes infected, a user will typically be unable to access anything other than the ransom screen. It completely shuts a user out.
Just how bad is the threat of ransomware? According to a recent report by McAfee, in the second quarter of 2013 alone there were more than 320,000 new and unique forms of ransomware currently available on the Web. This amount more than doubled since the first quarter of 2013, and has since grown even more since the report was released. According to McAffee, more forms of ransomware were discovered in the first two quarters of 2013 alone than had been found in all previous periods—combined.
In addition to Reveton, another notorious form of ransomware is known as CryptoLocker. CrytpoLocker is new to the ransomware scene as first sightings of it have been reported in late 2013. CryptoLocker is a worm that is distributed via email or downloaded files. Once the software is embedded onto a computer, a hard drive’s information is then encrypted and hidden inside of it. In order to recover the data, a ransom must be paid within a few days—otherwise it is deleted.
Typically, most ransoms range from $100 to $300. On Nov. 4, however, Malwarebytes highlighted new “late payment options” that went as high as 10 Bitcoins, which translates to approximately $2,000 USD.
Like most forms of malware, best practices for avoiding ransomware include avoiding links and emails of which the destination or origin is unknown. Staying away from malevolent websites and being smart about what you download is a crucial method for protecting your system from ransomware.
It is also important to remember that if your computer becomes infected, one of the worst things that you could do is pay the fee. Doing so could give criminals access to financial information. Additionally, computers will typically remain infected and susceptible to further attacks. Instead, it is recommended that you contact your local law enforcement agency should your computer be compromised with ransomware.