Data Ransom Scheme a Surprising Play for Hackers

When it comes to cyber-crime, holding data for ransom is not a common form of attack on enterprises. The recent hack of a Virginian state Website is a reminder that ransomware and other schemes can still be viable ways for cyber-crooks to try to make a dollar.

The PC Cyborg Trojan appeared on the scene back in 1989, encrypting files on the C drives of infected users. It then prompted them to contact the PC Cyborg Corporation and pay a fee to have their files decrypted, marking what is considered to be the first piece of ransomware in the wild.

Roughly 20 years later, a hacker has attempted a similar scam, this time breaking into the Virginia Prescription Monitoring Program's Website and demanding payment in exchange for access to data on more than 8 million patients. According to Wikileaks, the attacker or attackers put a message on the Website April 30 stating that the database of prescriptions had been placed in an encrypted, password-protected file. To get it back, the state must cough up $10 million, according to the demand.

But at a time when botnets are quietly stealing mountains of financial and corporate data and slinking off into the cyber-crime underworld, data being kidnapped and held for ransom is not among the top threats enterprises should be worried about, security pros say. Truth be told, the biggest threats are the ones that attempt to leave no trace for victims to pick up on.

"Ransom hacking definitely occurs somewhat regularly, but I'd consider it far lower on the risk ledger than most kinds of cyber-crime," said Rich Mogull, an analyst with Securosis. "It's far higher risk to the bad guys than quietly stealing data and selling it on the black market."

Mogull added, "I don't think this was ever a hugely popular form of attack, but it's one that draws a lot of attention the few times it happens."

More common are incidents of researchers attempting to blackmail companies or vendors when they find a vulnerability in software, but even those schemes have declined in popularity, Mogull said.

Certainly, there is no shortage of people looking to exploit vulnerabilities to either steal data or rope users into scams to buy rogue anti-virus software, and the profitability of those activities may make a high-profile extortion or blackmail attempt less attractive to black hat hackers. Or, as McAfee's Dave Marcus suspects, the deterrent may just be the threat posed by additional interaction with the victim.

Ransom schemes "were never hugely common-meaning they probably never took off," said Marcus, director of security research and communications at McAfee Avert Labs. "It might be reasonable to assume that it was always easier to steal and sell data. By communicating with the victim, it seems to create much more of a chance of being caught."

While there was a conviction in the case of the PC Cyborg Trojan, tracking cyber-criminals remains a notoriously difficult proposition for law enforcement. However, according to a report by CBS News, the FBI is investigating the case in Virginia.