    Ransomware, a Quick-and-Dirty Bribery Scam, Targets Europe

    By eweekdev - August 7, 2012

      By: Robert Lemos

      A typical digital kidnapping often begins with the victim inadvertently running a malicious program. The ransomware, as such programs are called, then encrypts the computer hard drive and offers to sell the victim the encryption key for a small fee.

      Over the past few months, security professionals have engaged in a cat-and-mouse game with a number of groups using similar tactics. Recent versions targeting Austrian, Dutch, English, French, German and Swiss computer users, for example, employ a simpler method of locking the computers: running a small program that loads at system startup and forces the user to enter a code before allowing them to log in. To dissuade the victims from going to the authorities, the software claims to have locked the computer for violations under copyright laws or, in earlier versions of the ransomware, under child porn and terrorism laws.

      Ransomware is not generally considered a major threat, only an occasional oddity, but the increase in recent activity may indicate that criminals are having some success with the scam.

      “From my perspective, it has become quite popular,” a manager for Abuse.ch, a botnet-tracking site based in Switzerland, said in an email interview. “I don’t know the reason why, but probably because it’s not difficult to write ransomware - so a small effort, but very effective.” The manager asked not to be named for privacy reasons.

      In a post published Aug. 3, Abuse.ch, a site known for its tracking of major botnets such as Zeus and SpyEye, noted that the latest scheme spreads through a popular infection vector, the Blackhole exploit kit. Using such cyber-criminal toolkits, attackers can build Websites that exploit software vulnerabilities on visitors’ systems to install malicious software.

      Once installed, the ransomware uses geolocation to determine the country of the victim and then displays a notice specific to the country, demanding that the user pay a fee to unlock the system. Oddly enough, while the malware makes an effort to identify the victim’s location, all the notices are written in German, the analysis stated.

      The attack has become popular enough that Poland’s Computer Emergency Response Team (CERT Polska) published an advisory detailing two methods of unlocking an infected computer without paying the ransomers. Prior to the advisory, the CERT had created a utility to generate fake keys for the user to unlock their own system, but more recent variants of the ransomware defeated the workaround.

      The methods outlined by the CERT would allow users to remove the malware, even when they could not boot the system, the advisory stated.

      “Malware very often adds itself to the list of applications that start when the operating system boots up,” according to the CERT alert. “By doing so, it makes sure that when a user removes it during the system run, it will infect the machine again at another boot. The only solution is to prevent software from running at system start.”

      The two methods basically amount to using Microsoft Windows’ Safe Mode to boot up the machine and manually remove the malware, or using a recovery CD from an antivirus vendor to clean the system.
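
      For the manual Safe Mode route, the first task is finding what was added to the startup list. The script below is an added example, not code from the article or the CERT Polska advisory: it lists common Windows autostart entries for review. The article does not say which autostart point this ransomware uses, so the registry keys and folders checked, and the "user-writable path" heuristic, are assumptions. It requires PowerShell 3.0 or later.

```powershell
# Added example (not from the article or the CERT Polska advisory).
# Lists common Windows autostart entries for manual review in Safe Mode.
# Which autostart point this ransomware uses is not stated in the article;
# the locations below are standard ones, chosen as an assumption.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{
            Location = $key; Name = $name; Command = [string]$item.GetValue($name)
        }
    }
}
# Winlogon values that decide what runs at logon; a replaced shell shows up here.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $winlogon
foreach ($name in 'Shell', 'Userinit') {
    $entries += [pscustomobject]@{
        Location = $winlogon; Name = $name; Command = [string]$wl.$name
    }
}
# Shortcuts and executables dropped into the Startup folders.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($file in Get-ChildItem -Path $dir -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        $entries += [pscustomobject]@{
            Location = $dir; Name = $file.Name; Command = $file.FullName
        }
    }
}
# Heuristic (assumption): programs launched from user-writable profile or
# temp directories deserve a closer look than ones under Program Files.
$writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ } |
    ForEach-Object { [regex]::Escape($_) }
$pattern = $writable -join '|'
$entries | Select-Object *, @{ n = 'Review'; e = { $_.Command -match $pattern } } |
    Sort-Object Review -Descending | Format-List
```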

      With such workable solutions, it’s unlikely that the criminals will be paid their 100-euro fee for keys, but the ease with which the attack can be mounted likely makes it worthwhile for now, according to Abuse.ch.

      “I think it is just a temporary trend until someone finds a better idea to make money easier,” said the manager.

      http://www.eweek.com