{"id":70,"date":"2011-03-20T23:13:18","date_gmt":"2011-03-20T23:13:18","guid":{"rendered":"https:\/\/mardo.net\/?p=70"},"modified":"2011-03-20T23:16:58","modified_gmt":"2011-03-20T23:16:58","slug":"ransomware","status":"publish","type":"post","link":"https:\/\/mardo.net\/?p=70","title":{"rendered":"Ransomware"},"content":{"rendered":"

The following article appeared on MSNBC. COM. Read through it and educate yourself on these rogue programs. It might just save you a visit from ‘the doctor’.<\/span><\/h1>\n

Give me your money, or your computer gets it<\/span><\/h1>\n

Posted: Friday, January 29 2010 at 06:00 am CT by Bob Sullivan<\/h2>\n

Turning hijacked computers into cash is still hard work for most computer criminals.\u00a0 They’ve got to trick the infected PC into sending spam, then trick a recipient into buying a useless product — or they have to steal online banking passwords, log onto a victim\u2019s account, bypass the bank\u2019s money transfer fraud controls, and so on.<\/p>\n

It’s much easier to just demand cash directly from infected users — a crime that’s the Internet’s equivalent of kidnapping.\u00a0<\/p>\n

“Give me all your money or your computer gets it-” is the basic proposition.\u00a0<\/p>\n

The technique was dubbed “ransomware” many years ago by computer virus researchers, and is not new.\u00a0 What is new is the explosion of ransomware, thanks to the evolution of ever-more-believable tactics during recent months.<\/p>\n

In December, the FBI issued a warning about a broader category of malicious programs called “rogueware.\u201d These programs appear on users’ machines and claim to find viruses, then offer to clean them for $50.\u00a0 Rogueware looks so realistic — complete with Windows-like dialog boxes and scary warnings — that Web users were tricked into sending $150 million to criminals last year, the FBI says<\/a>.<\/p>\n

The new ransomware is similar, but far more aggressive.\u00a0 Once a computer is infected with it, the program does more than recommend a software purchase \u2013it simply won’t let users continue to use their PC until they pay up.<\/p>\n

Luis Corrons Granel, a researcher at Panda Security, said use of ransomware by criminals is exploding — 25 percent of all rogueware in the past quarter involved a family of intimidating products named “TotalAntivirus.\u201d It demands that users pay $50 for two years, $79 for a lifetime license.<\/p>\n

\u201cThe increase (in ransomware) has been really significant,\u201d Granel said. A single family of ransomware programs called \u201cTotal Security\u201d made up one-quarter of all rogueware programs detected during the past three months, he said.<\/p>\n

To an average user, most rogueware would be indistinguishable from other standard antivirus products.\u00a0 They look like fully functional software, showing Windows-like screens for firewall settings, file scanning, and every other tab you’d expect from standard antivirus products. \u201cTotal Security\u201d even lets users choose their language — English, Spanish, and German are offered.<\/p>\n

The switch to ransomware by the bad guys makes sense, says Peter Cassidy, spokesman for the Anti-Phishing Working Group — because computer criminals are refining their programming methods, and getting more aggressive about taking people’s money.<\/p>\n

See ransomware in action with this video from PandaLabs.<\/em><\/p>\n

“Instead of trying to fool people and getting one out of 1,000 to pay, what they’re doing now is just locking up the PC and telling them they have to pay,” he said.\u00a0 “It’s a really violent approach, really nasty.”<\/p>\n

There might be one silver lining to the rise of ransomware, Cassidy said.\u00a0<\/p>\n

“It’s not in that gray area of selling people useless crap,” he said.\u00a0 \u201cIt\u2019s clearly criminal, and extortion does get the attention of law enforcement officials.\u201d<\/p>\n

As is customary, computer criminals are fusing this new attack with successful, older methods, said John Harrison, a security researcher at Symantec Corp. In one recent example, criminals first engaged in search engine “poisoning,” so their booby-trapped Web sites would rate high in Google searches about Haiti\u2019s earthquake. Visitors who clicked were tricked into downloading the ransomware software; and then were confronted with extortion demands.<\/p>\n

“That’s their distribution model,” Harrison said -. “They used to do it subtly, but now they are doing it much more brazenly.”<\/p>\n

In some versions, users will see a message that says, “Google recommends you install this,” or “Microsoft recommends you turn this feature on- \u2026 then, they take over your computer and all of a sudden it looks like you have 900 viruses,” he said.\u00a0<\/p>\n

The latest flavor of ransomware, described on Jan. 8 by security firm F-Secure<\/a>, doesn’t disable all software, but it does something just as debilitating — it encrypts all the files on a victim’s computer, and forces them to pay for decryption.\u00a0 The program, which calls itself Data Doctor 2010, costs $89.<\/p>\n

RED TAPE WRESTLING TIPS<\/strong>
\nIn some cases, researchers say, paying the ransom does work, at least initially. Still, it’s a terrible idea to pay. On a grand scale, you’ve just subsidized a criminal. But there are far more practical concerns — why would you trust the author of ransomware with your credit card number?\u00a0 Perhaps you think you’d never do this, but remember, the FBI says rogueware writers have made $150 million, so someone is paying up.<\/p>\n

If an unexpected antivirus dialog box lands on your computer screen, close the window immediately by clicking on the ‘x’ i<\/p>\n","protected":false},"excerpt":{"rendered":"

The following article appeared on MSNBC. COM. Read through it and educate yourself on these rogue programs. It might just save you a visit from ‘the doctor’. Give me your money, or your computer gets it Posted: Friday, January 29 2010 at 06:00 am CT by Bob Sullivan Turning hijacked computers into cash is still … <\/p>\n

Continue reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-70","post","type-post","status-publish","format-standard","hentry","category-front-page","nodate","item-wrap"],"_links":{"self":[{"href":"https:\/\/mardo.net\/index.php?rest_route=\/wp\/v2\/posts\/70","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mardo.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mardo.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mardo.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mardo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=70"}],"version-history":[{"count":3,"href":"https:\/\/mardo.net\/index.php?rest_route=\/wp\/v2\/posts\/70\/revisions"}],"predecessor-version":[{"id":74,"href":"https:\/\/mardo.net\/index.php?rest_route=\/wp\/v2\/posts\/70\/revisions\/74"}],"wp:attachment":[{"href":"https:\/\/mardo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=70"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mardo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=70"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mardo.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=70"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}