Data Ransom Scheme a Surprising Play for Hackers | eWeek

Data Ransom Scheme a Surprising Play for Hackers

Écrit par
Brian Prince
Brian Prince
May 5, 2009
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The PC Cyborg Trojan appeared on the scene back in 1989, encrypting files on the C drives of infected users. It then prompted them to contact the PC Cyborg Corporation and pay a fee to have their files decrypted, marking what is considered to be the first piece of ransomware in the wild.

Roughly 20 years later, a hacker has attempted a similar scam, this time breaking into the Virginia Prescription Monitoring Program’s Website and demanding payment in exchange for access to data on more than 8 million patients. According to Wikileaks, the attacker or attackers put a message on the Website April 30 stating that the database of prescriptions had been placed in an encrypted, password-protected file. To get it back, the state must cough up $10 million, according to the demand.

But at a time when botnets are quietly stealing mountains of financial and corporate data and slinking off into the cyber-crime underworld, data being kidnapped and held for ransom is not among the top threats enterprises should be worried about, security pros say. Truth be told, the biggest threats are the ones that attempt to leave no trace for victims to pick up on.

“Ransom hacking definitely occurs somewhat regularly, but I’d consider it far lower on the risk ledger than most kinds of cyber-crime,” said Rich Mogull, an analyst with Securosis. “It’s far higher risk to the bad guys than quietly stealing data and selling it on the black market.”

Mogull added, “I don’t think this was ever a hugely popular form of attack, but it’s one that draws a lot of attention the few times it happens.”

More common are incidents of researchers attempting to blackmail companies or vendors when they find a vulnerability in software, but even those schemes have declined in popularity, Mogull said.

Certainly, there is no shortage of people looking to exploit vulnerabilities to either steal data or rope users into scams to buy rogue anti-virus software, and the profitability of those activities may make a high-profile extortion or blackmail attempt less attractive to black hat hackers. Or, as McAfee’s Dave Marcus suspects, the deterrent may just be the threat posed by additional interaction with the victim.

Ransom schemes “were never hugely common-meaning they probably never took off,” said Marcus, director of security research and communications at McAfee Avert Labs. “It might be reasonable to assume that it was always easier to steal and sell data. By communicating with the victim, it seems to create much more of a chance of being caught.”

While there was a conviction in the case of the PC Cyborg Trojan, tracking cyber-criminals remains a notoriously difficult proposition for law enforcement. However, according to a report by CBS News, the FBI is investigating the case in Virginia.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.