Ransomware, also known as cryptoviruses, cryptotrojans or cryptoworms, is an increasingly common Internet threat that is spreading like wildfire at the moment. The variations called Citadel and Reveton are especially active.
The malicious code in ransomware spreads in much the same way as computer viruses and worms. The aim of the code is to extort money from the infected user. This is why the phenomenon is also known as scareware, as it uses social engineering to scare the user into thinking he/she has done something wrong. Let's take a look at the example below.
In this case the user opens a web page and all of a sudden the screen turns grey and the page shown in the screenshot below pops up.
An authentic-looking page from “the FBI”, showing your IP address and ISP name, warns you that your PC has been blocked because you have violated copyright law. On top of that, if you have a webcam attached, you will see a picture of yourself on the right with a label claiming you are being recorded. The user is then ordered to pay a fine in order to have the ban lifted and the charges dropped. The legal threat is of course bogus.
More serious examples will encrypt files on the victim’s computer and ask for a ransom in order to decrypt them. This threat, unlike the legal threat from other examples, is very real. Users have reported being locked out of their computers or losing valuable files.
Internet security firm McAfee reported more than 120.000 new infections in the second quarter of 2012 alone.
Brian Krebs from the blog On Security found data from a scam focusing on France and found that 2116 were infected in a single day. Out of these just 79 paid the ransom, but at $100 per user you can do the math yourself, and I’m sure you will agree we are talking big numbers here. Don’t forget the scammers are targeting computers all over the world.
The huge profits keep attracting new spammers all the time, and there is no sign of this type of scam going away anytime soon.
The recipe for avoiding ransomware is much the same as for protecting yourself from other online threats.
First of all, take a deep breath and remain calm. Ransomware is a scam and you will not be reported to the police or anything of the like. Download and install antivirus from McAfee or Kaspersky and let it run on your system to remove the infection.