Would you be fooled by a popup on your computer that demands immediate payment to restore your device to normal working order? Like most scams, it's all in the numbers - hit enough potential victims and over time realize a profit. That's the name of the game when it comes to the dramatic increase in ransomware, which is estimated to be successfully extorting funds from nearly three percent of those targeted, and cyber criminals are making millions every year with these schemes.
A report released today by researchers at Symantec titled Ransomware: A Growing Menace, examines how the use of ransomware by organized criminal gangs is on the uptick, especially in the U.S., Canada, and Western Europe. Researchers conservatively estimate that these criminal syndicates are earning over five million dollars per year or more from the scams, and the methods used to bilk victims are evolving.
Security and fraud expert Robert Siciliano notes that other recent research has also detected a steady increase in the use of ransomware. "The rise of ransomware is directly tied to the millions of PCs still on Windows XP. XP machines, like their users, are outdated and vulnerable. With the malware growth rate up nearly 100,000 samples per day, McAfee identified key variations of malware which include specifically ransomware," Siciliano told Security Bistro.
Ransomware is a form of malicious code that acts to disable the functionality of an infected computer in one way or another, and then issues demands for payment in order for the victim to restore their device to normal operations."Once your computer is infected with ransomware, it locks down your files to prevent you from accessing them and gives a hacker full control of your machine," Siciliano explained.
The most common methods of infection is by way of tainted email attachments or the use of a link in an email spam message, but attackers are also known to be employing drive-by attacks in which a victim can be infected by simply visiting a malicious or otherwise compromised website, Siciliano said.
Ransomware scams are becoming more diverse in nature, with some using social engineering to fool victims, while others issue outright extortion techniques to compel payment. On the social engineering side, early forms of ransomware scams used scareware tactics by displaying pop-up alerts that purported to be from Microsoft, and directed victims to send an SMS text message in order to obtain a special code that will "activate" the target's computer. The text message incurs a fee for the sender, and the scammers take their cut.
Other scareware tactics attempt to fool victims by pretending to be security alerts, according to Siciliano. "Sometimes the ransomware poses as a 'Browser Security' or 'Anti-Adware' security product whose license has expired. Computers running Windows that are infected by ransomware are confronted by a full-screen message that resembles a Windows error alert," said Siciliano.
Later versions of the scams took to displaying an illicit image that the victim could not remove without the payment of a fee, a tactic that proved quite successful and was adopted widely due to its profitability.
The most recent ransomware schemes have been displaying an image that uses logos associated with law enforcement agencies, such as the FBI. The message included in the image claims that the target has committed an illegal act - usually the viewing of illegal material or some violation of copyright law - and demands that the "offender" pay a fine in order to regain control of their device.
The proliferation of ransomware scams is significant. Researchers identified a small operation that was able to compromise 68,000 computers in a one month period, potentially earning as much as $400,000. A larger operation, which used a malware variant called Reveton, is thought to have infected around 500,000 computers in just 18 days, and the profits from the scam could have been in the millions.
The Internet Crime Complaint Center (IC3) suggests the following actions if you become a victim of ransomware:
- Do not pay any money or provide any personal information.
- Contact a computer professional to remove the malware from your computer.
- File a complaint on the IC3 website.