Ransomware Becoming Big Business

Tuesday, November 13, 2012 @ 05:11 PM gHale


Ransomware is becoming an almost $5 million-a-year enterprise, new research shows.

Ransomware, in this case malware that disables computers and demands hefty cash payments, purportedly to law-enforcement agencies, before the victim can get his machine restored, is returning almost $5 million a year, researchers from Symantec said in a report.


Once infected, computers become unusable and often display logos of local law-enforcement agencies, along with warnings the user violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours.

“A lot of individuals do pay up, either because they believe the messages or because they realize it is a scam but still want to restore access to their computer,” Symantec’s 16-page report explained. “Unfortunately, even if a person does pay up, the fraudsters often do not restore functionality. The only reliable way to restore functionality is to remove the malware.”

The report identified at least 16 different ransomware versions spawned by competing malware gangs. Many are completely different families of malware, rather than multiple variants of the same family, and most have their own unique behavior.

Many use freely available geographic location services to determine where each infected computer is and, based on that information, display law-enforcement logos and ransom demands local to that user. Demands frequently carry threats of arrest if victims don’t pay promptly, usually by using an electronic payment system to purchase an unlock code.

The Symantec researchers penetrated the command-and-control server of one ransomware scam. Over a period of about a month, between September and October, 68,000 unique IP addresses connected to it.

On a single day during that time, there were 5,700 connections, and of those, 168 entered what appeared to be valid unlock codes. Assuming 2.9 percent of the overall 68,000 infections paid the $200 fee, that would have netted more than $394,000. Multiply that number by 12, and it comes out to just over $4.7 million.

“The individuals responsible for it are clearly professional criminals, and for them to have expanded into the distribution of ransomware is a sign of the profitability behind the scam,” the researchers said.


