A new report from security vendor Symantec details a rise in ransomware, a type of malware which promises to solve a problem for a user in return for payment of a fee. This new crop of ransomware includes many which masquerade as messages from law enforcement and are able to lock up users’ systems.
Sean Michael Kerner from eSecurity Planet reported, “Ransomware isn’t a new threat, but it is a growing one. According to new research released from Symantec, ransomware has become increasingly effective over the course of the last year and is set to become a major security trend to watch in 2013. Symantec’s research found that nearly 3 percent of all those who are attacked by ransomware end up paying the attackers.”
Ars Technica’s Dan Goodin added:
“Malware that disables computers and demands that hefty cash payments be paid to purported law-enforcement agencies before the machines are restored is extorting as much as $5 million from end-user victims, researchers said.
The estimate, contained in a report published on Thursday by researchers from antivirus provider Symantec, is being fueled by the mushrooming growth of so-called ransomware. Once infected, computers become unusable and often display logos of local law-enforcement agencies, along with warnings that the user has violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours.
“A lot of individuals do pay up, either because they believe the messages or because they realize it is a scam but still want to restore access to their computer,” Symantec’s 16-page report explained. “Unfortunately, even if a person does pay up, the fraudsters often do not restore functionality. The only reliable way to restore functionality is to remove the malware.”
ARN’s Patrick Budmar quoted Symantec’s Sean Kopelke, who said, “When we look at the cyber crimals, who are more and more monetary driven, malicious malware in the past was created more to annoy us.” He continued, “We’ve seen that move to a monetary focus from the type of malware they are creating.”
Robert Lemos from eWeek noted, “One ransomware campaign conned victims into parting with a total of $400,000 in a single month, as cyber-criminals target victims in North America with the age-old scam.”