These scams represent an evolution from earlier forms of ransomware that made plain their creators’ criminal intentions. One variant reported by Sophos in 2010 would encrypt the users’ files, change their desktop wallpaper to an alert message, and then display a text file ordering them to send a $120 wire transfer to a Swiss bank account in exchange for instructions on decrypting their files. The alert warned users, “Don’t try to tell someone about this message if you want to get your files back!”
The scare tactics are clearly working. McAfee highlighted ransomware as one of the top malware trends in its latest quarterly threats report, noting that it seems to be replacing “fake AV,” or fake antivirus programs, as the scam du jour. (Fake AV reports peaked in mid-2011.) And Brian Krebs of the blog Krebs On Security got his hands on data from a ransomware scam in France that showed that, on one particular day, 2,116 PCs had been infected. Only 79 of the victims actually paid, but at $100 apiece, they provided a good haul for the hackers—especially considering they were doubtlessly running the same scam in many other countries.
What the ransomware wave demonstrates is that as the average computer user becomes wise to old tricks like the Nigerian email scam, criminal hackers will develop more sophisticated schemes. “Hacktivist” groups such as Anonymous and LulzSec get more press with their flashy denial-of-service attacks and password leaks targeting major corporations and government websites. But sprawling criminal networks, many with roots in Eastern Europe, quietly prey on individuals around the world on a daily basis.
So what should you do if you’re unwary and unlucky enough to contract a ransomware Trojan? First, instructs Sophos’ Paul Ducklin in a helpful video, don’t panic and don’t do anything rash. Once the malware has control of your machine, chances are that most of the damage has already been done. (In theory the hackers could mine your files for private information, but in practice they rarely do. Too much effort for an uncertain reward.) And ignore those threats not to tell anyone about the attack. Unless you’re an expert yourself, it’s absolutely a good idea to enlist the help of a computer security expert to help you figure out how to handle it. There’s a chance that an antivirus program could do the trick, but in most cases, you’ll have to reinstall your operating system from the ground up. The FBI—the real FBI—also recommends filing a complaint at www.ic3.gov.
As with most forms of malware, the best protection here is simply to avoid visiting compromised websites or clicking on any suspicious-looking links, whether on the Web or in emails, Twitter or Facebook messages, or even (lately) Skype messages. Keeping your operating system and apps updated with the latest security patches always helps, and antivirus software can be an additional prophylactic. But this particular type of attack also reinforces the importance of backing up your files. Otherwise, you might never see them again.
It’s conceivable, some security types admit privately, that paying up could prompt the criminals to restore them. But the official advice is that you never should, and in most cases that’s the advice that makes the most sense. Once the hackers have your money, there’s little incentive for them to restore your files. And seeing that they’ve found a sucker, they might come right back and target you again.