Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

If You Ever Want to See Your Computer Working Again, Give Us $$$$$$ in Unmarked Bills. Ransomware Menace Grows.

By ThreatMetrix

Nineteen-thirties America saw a sharp rise in crime, with gangs led by criminals with colorful sobriquets like Ma Barker, Baby Face Nelson and Machine Gun Kelly. In addition to bank robbery, another popular and lucrative occupation these gangs indulged in was holding people for ransom.

Eighty years later, fueled by an upsurge in worldwide cybergangs, holding for ransom is still a popular criminal activity – only instead of holding people, it’s holding PCs.

If you’re not familiar with the practice, here’s how it goes. Cybercriminals trick a user into downloading malware that locks, or in some other way disables, the user’s PC. Then the user receives a “ransom note” in the form of a fine for having pornography on his/her computer, or for having the computer used to distribute malware or for some other illicit activity. The fine has supposedly been levied by a legitimate police force or other governmental organization.

As in the case of the famous Lindbergh baby kidnapping, where the ransom was paid and the baby was still found dead, paying the ransom does not make for a happy outcome. In the case of ransomware, the malefactor will not remove the malware, which has to be deleted manually.

A Symantec report quoted on says in 2012, the scam has really taken off. “From just a few small groups experimenting with this fraud, several organized gangs are now taking this scheme to a professional level and the number of compromised computers has increased. (And) Symantec has identified at least 16 different versions of ransomware.” goes on to note, “One malware investigation mentioned in the report discovered 68,000 affected computers in a single month. Another one caught a Trojan attempting to infect 500,000 PCs over the course of just 18 days.”

In fact, says cybercriminals look at ransom as a cash cow. “As much as 2.9 percent of all people affected by ransomware end up paying the ransom. (And cybercriminal) gangs have stolen more than $5 million a year from unsuspecting victims, according to one estimate.” Symantec believes that figure is likely on the low side.

All the gangs seem to get their ransomware from a single source. The mysterious “Mr. or Ms. X” appears to have a full-time job as a ransomware developer.

According to Symantec, ransomware is probably being upgraded as awareness of the scam increases. “(Attackers) and their malware are likely to evolve and use more sophisticated techniques to evade detection and prevent removal…. The ‘ransom letter’ will likely also evolve and the attackers will use different hooks to defraud innocent users.”
