Ransomware no cause for New Year celebration: Sophos

Dec 16, 2013 by Nancy Owano weblog
Cryptolocker encrypts a victim’s files and demands a ransom.

(Phys.org) —From operating systems on desktops to software and peripherals on smartphones, information thieves have been clever, inventive and successfully stealthy in finding pathways for stealing personal information. Malicious software is alive and well; one only has to glance at the daily headlines reporting on security exploits in the government and private sectors. A new report from the security firm Sophos, "Security Threat Report 2014," calls attention to the latest types of security headaches. They include ransomware, the type of malicious software that locks you out of your computer or your data and demands money to let you back in. Ransomware itself is nothing new as a ploy: attackers make files inaccessible and then demand money from the victim before handing back control of the system.

But this year Sophos security experts saw a newer ransomware version, called Cryptolocker. In a blog posting about the report, company CTO Gerhard Eschelbeck called Cryptolocker an exceptionally nasty strain, locking users out of their files with the use of "extremely strong" encryption. The Cryptolocker thieves have thus far been successful in getting their victims to pay large sums in electronic payments. The report said that Cryptolocker is ransomware that "adds itself to the list of Windows programs that run at startup, tracks down an infected server, uploads a small ID file from your computer, retrieves a public key from that server (which stores a matching private key), and then encrypts all the data and image files it can find on your computer."

Attack points may be via e-mail spam, but Cryptolocker often arrives through botnets. Generally, said the BBC in reporting on the Sophos findings, cybercrime kits have helped many people with only light technical skills enter the world of high-tech crime for the first time, with some kits even offering technical support for those who need advice on how to roll their own malicious programs. The kits have been a contributing factor to the rise in malicious programs circulating online. The BBC said that one study of some servers run by the criminals behind Cryptolocker indicated 12,000 victims a week were being hit.

The Sophos report said ransomware targeting Android devices has been noticed. In June, Sophos researcher Rowland Yu discovered the first ransomware attack against Android devices. Posing as an antivirus solution, the ransomware app asked for a $99.99 payment to restore access to Android devices.

The new Sophos security threat report was released on December 10. Later that week, the Sophos blog issued a specific warning about ransomware, predicting its rise. "Ransomware, including the infamous file-encrypting Cryptolocker, posed a major threat in 2013. But this cyber-crimewave could get much worse in 2014." According to the blog posting, cybercriminals are plotting to create new ransomware using automated malware kits.

James Lyne, global head of research at Sophos, told BBC News that "Cryptolocker is very much a deviation from the norm, and I actually think it is a sign of things to come."

More information: Report: www.sophos.com/en-us/medialibr… reat-report-2014.pdf