2011 - The renaissance of Ransomware
Everything moves onward and, sadly for you and the other untold millions of honest Internet users, the Malware industry is no exception to this. What began as only a handful of Viruses has developed over time into vast numbers of Trojans, Worms, Phishing attacks and many other types of criminal approaches that endanger the security of your data and also your wallet. One of these has the somewhat strange name of "Ransomware" and is unfortunately making a successful comeback in 2011. This is reason enough for us to describe this relatively unknown category of Malware in more detail and show you how to recognize and protect yourself from this menace.
What is Ransomware?
The name "Ransomware" may sound strange to those who are not native English speakers, but the term "ransom" as it relates to money in exchange for a stolen person or object is entirely appropriate. Ransomware represents an attempt by the authors of this type of Malware to directly extort money from their victims.
You may ask how it is possible for Malware to extort ransom money and what on earth could be stolen that is worth paying for. This has of course nothing to do with the kidnapping of family, friends or pets but rather something much more ordinary: your computer, or more accurately the data in your computer is "kidnapped". An attacking criminal uses Ransomware to encrypt data on infected computers and then demands ransom money for decryption of this data. This is a really nasty trick because good encryption algorithms make decryption of this data almost impossible.
An old idea revived - how it works
As already mentioned, this is not a new idea and the first variants surfaced in 1989. However, our analysis team has already seen a number of Ransomware outbreaks this year with a very high rate of coverage and this is why one can speak of a renaissance of this class of Malware. This is probably due to the large number of fast and potentially anonymous payment methods that now exist. In addition to the classical credit cards, services such as Paypal, Moneybookers, Ukash and many others allow fast transfer of the ransom money.
Whereas the so-called "Bundespolizei" Ransomware Trojan terrorized mainly German Internet users, in June of 2011 our Malware experts detected a much larger outbreak that spread from Great Britain over all of Europe: the METROPOLITAN POLICE Ransomware. As the name indicates, this Malware and the Germanic variant pretended to be police software and claimed that the PC user had violated British Law. The program stated that the computer is now locked for this reason and the user must pay a fine in order to regain control over his/her own computer.
This sounds similar to clamping an illegally parked car but is of course simply an extortion attempt. At present, there are no national organizations that use software to lock a computer without personal contact. Users who are not computer experts or heavily mistrustful can easily fall for this type of fraudulent trick. This results in hard cash passing from unknowing victims to cyber criminals.
How can I protect my computer?
As with all Malware, Ransomware must first find a way of infecting a PC. This can occur through security holes in the system, infected downloads and malicious or manipulated websites. The two golden rules also apply here: always keep your operating system and installed programs up to date and install a good security program offering real-time protection such as our Emsisoft Anti-Malware
If you are someday presented with a locked computer despite this then the first rule is: Keep calm. Whatever happens, you should not give in to the fraudster and pay the ransom money. Detailed removal instructions are usually quickly available for most Ransomware outbreaks and the best option is to use another computer to search for information on the Malware using your favorite search machine. Our experts in the "Help, my PC is infected!" Emsisoft Forum are also always ready and willing to help you.