A new type of cyber attack has surprised net users in several countries. Moments after the computer's operating system starts, an alert message, usually made to look as if it comes from the government, warns the user that all functions of the computer and the files stored on it are blocked. The message directs the user to pay a “fee” so that the computer is unlocked. In the panic of the moment, many pay, but not all regain access to the computer.
The so-called “ransomware” kicks in after the user unknowingly installs a virus on the computer by clicking on a malicious link received by email or by visiting an infected web page.
According to antivirus maker McAfee, the number of ransomware samples grew 43% last quarter. In total, the company collected more than 200 thousand samples of this type of malware during the period. That is almost triple the number of samples collected in the same period last year.
“The high growth in the number of ransomware samples in the last quarter makes it one of the fastest growing areas in cybercrime,” say analysts at McAfee in the company's third-quarter threats report.
The growth of ransomware attacks was also noted by Symantec in its October threat report. “This year we are seeing a growth in the presence of ransomware, not only when it comes to numbers, but also in terms of the incorporation of new techniques,” wrote Hon Lau, an analyst at Symantec Security Response, in the report.
How does ransomware work?
According to Symantec, maker of Norton Antivirus, it is common to find ransomware samples in fake advertising banners on porn sites. By clicking on the ad, the user unknowingly downloads the virus to the computer. Once downloaded, the program starts in the background, locks the computer's functions and displays the image with the notice to intimidate the user.
This type of threat began to emerge on the web in 2009, mainly in Russia and other countries where Russian is spoken. Only in mid-2011 did the attacks begin to spread through Europe and, soon after, the United States. This type of attack quickly gained relevance among cybercriminals.
In Europe, cybercriminals often demand between 50 euros and 100 euros in ransomware attacks. In the U.S., the sums reach $200. In general, the cybercriminal sets a deadline for payment, which is usually made over the Internet. However, it is common that, even after payment, the computer stays locked; it can be unlocked only after the malware is removed from the machine.
A Symantec estimate shows that cybercriminals achieve a success rate of about 3% with each attack. After analyzing the server behind a single ransomware sample in the U.S., the company estimates that the cybercriminal managed to infect about 68,000 computers in just one month, which may have earned him about $394,000.
New types of kidnapping
According to Lau, in the first ransomware attacks cybercriminals used simple messages, demanding money in exchange for the release of the computer. In many cases, according to Symantec, the attacks used a lock screen with pornographic images, for example, to push the user into paying quickly.
Currently, however, cybercriminals have started creating ransomware specific to each country, with content that threatens the user over crimes he has supposedly committed. In one of the cases in the U.S., for example, the messages carry the logo of the Federal Bureau of Investigation (FBI) and accuse the user of downloading pirated music or videos, claiming that the computer was therefore blocked for a government investigation.
“If the statistics are right about reality, you can be sure that this social engineering inspired by the application of the law is likely to work, especially when combined with other techniques such as screen lock,” explains Lau in the Symantec report.
In some new “kidnappings” of computers in the U.S., says Symantec, the ransomware even uses audio to heighten the impact of the attack. While displaying a false message on the computer screen, the malicious program also plays a message (in English): “FBI Warning: Your computer is blocked because of a violation of federal law.”