Has ransomware made a comeback?

BROWSE BY TAG Expert Archive: Information Security Threats,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   Hacker Tools and Techniques: Underground Sites and Hacking Groups,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Expert Archive: Information Security Threats The telltale signs of a network attack Will Google Chrome enhance overall browser security? Are there antivirus suites that pick up more than just run-of-the-mill viruses? What tools can a hacker use to crack a laptop password? Are social networking sites an easy target for malicious hackers? What are the dangers of cross-site request forgery attacks (CSRF)? Should social engineering tests be included in penetration testing? What kind of data is compromised during a Google hack? Best practices for using restriction policy whitelists Defining mobile device security concerns Malware, Viruses, Trojans and Spyware New Zeus spam poses as Social Security statements Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Hacker Tools and Techniques: Underground Sites and Hacking Groups Russian cybercriminals target H1N1 Swine Flu fears Metasploit Project acquisition ups ante for penetration testing market Successful rogue antivirus hinges on social engineering DEFCON survey suggests hacker community on vacation DoD urges less network anonymity, more PKI use New hacker skills optimize revenue Maturing cybercriminal economy buoyed by business savvy hackers Juniper pulls ATM hacking presentation from Black Hat Botnet platform helps cybercriminals bid for zombie PCs Man pleads guilty in online banking hacking scam

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

We do see periodic ransomware outbreaks, as bad guys try to make some money by encrypting important information on infected machines and then offering to sell decryption keys or software to the victim so that he or she can recover the data. Just a couple of months ago, a new version of Gpcode reared its ugly head, exhorting its sad victims with this message:

Hello, your files are encrypted with RSA-4096 algorithm

http://en.wikipedia.org/wiki/RSA

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300.

If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data.

Glamorous team

Isn't that lovely? I'm particularly amused by the "Hello" salutation up front, and the Wikipedia reference to the algorithm used for the crypto.

(By the way, it's likely untrue that the files themselves were encrypted with the RSA public key crypto algorithm. Symmetric algorithms usually encrypt hundreds of times faster than public key algorithms, and encrypting with RSA would be an inefficient choice. Perhaps the bad guys just cite RSA because it sounds scarier, or because they used it to encrypt the symmetric key. The files themselves, however, are likely encrypted using a symmetric key algorithm, like AES, DES or IDEA.)

While these ransomware attacks do occur, they are not terribly common today. The payoff is often so small that attackers turn their attention to more reliable methods of getting money from infected machines: spyware, keystroke loggers, search results customization, spam relays and so forth.

Most antivirus vendors have signatures that can block the common ransomware manifestations of the past. While there isn't a huge threat here, it is always a good idea to keep a backup of your vital files. Try to get into the habit of backing up once per week or so. You'll be happy that you did. But the reason for doing so is likely not going to be the threat of ransomware; you are far more likely to suffer a hard drive failure, something that occurs quite regularly and can wipe out your data.

More information: