In Brief

The return of ransomware

Ransomware is nothing more than a virtual stick-'em-up.

By Scott Berinato

October 17, 2007 CSO — Ransomware is nothing more than a virtual stick-'em-up. You download malware, which encrypts files on your computer. Then the malware delivers an extortion message: Pay us cash and we'll give you access to your files again. The technique gained a moment of notoriety in 2006 when one such attack managed to make the news. This past summer ransomware returned. This time, the criminals have added a strong dose of social engineering to the attack.

The actual Trojan that encrypts files and delivers the ransom note is dubbed GPCode, or alternatively, Sinowal. It demands $300 in exchange for the key to decrypt your files. Failure to pay will result in the files being published on the Internet, according to the threatening note. What's more, the note says, the files have been encrypted using an algorithm called RSA-4096, and it includes a link to an article about the technology that notes that RSA-4096 is virtually unbreakable.

But, according to security researchers, it's all a bluff, the virtual equivalent of jabbing your finger through your jacket pocket and claiming you have a gun. GPCode does not actually take any files to publish on the Internet, and the encryption it uses is relatively easily cracked by professionals.

The goal of the bluff is to terrify someone with the prospect of being unable to access critical files. The relatively low amount of cash the extortionists demand is further meant to facilitate the transaction, creating in the victim's mind an easy trade-off; it seems like a pittance next to a ruined career.

The newfound ability of hackers to create mass distribution of their malware through spam and iFrames allows them to ask for less money from more victims, increasing the likelihood that any one victim will pay.

Experts suggest you never capitulate, especially before analyzing the situation with a team that includes security researchers, encryption experts and perhaps security experts skilled in negotiation and extortion threats. And don't buy into the hype of a few sensational news reports. Experts believe that ransomware, while a real threat, is but one tree in the forest of risk and probably gets more press than it warrants because it makes for good reading. "What should warrant attention is a new development, something widespread, or something causing severe devastation," says security researcher Jose Nazario. Ransomware, he notes, is 0-for-3 on those criteria.

GPCode has already come and gone. Another ransomware attack will probably come along. Remember, it's probably just the guy's finger jabbing into your back.
