Nineteen thirties America saw a sharp rise in crime, with gangs led by criminals with colorful sobriquets like Ma Barker, Baby Face Nelson and Machine Gun Kelly. In addition to bank robbery, another popular and lucrative occupation these gangs indulged in was holding people for ransom.
Eighty years later, fueled by an upsurge in worldwide cybergangs, holding for ransom is still a popular criminal activity – only instead of holding people, it’s holding PCs.
If you’re not familiar with the practice, here’s how it goes. Cybercriminals trick a user into downloading malware that locks or in some other way disables the user’s PC. Then the user receives a “ransom note” in the form of a fine for having pornography on his/her computer, for having his/her computer used to distribute malware, or for some other illicit activity. The fine has supposedly been levied by a legitimate police or other governmental organization.
As in the case of the famous Lindbergh baby kidnapping, where the ransom was paid and the baby was still found dead, paying the ransom does not make for a happy outcome. In the case of ransomware, the malefactor will not remove the malware, which has to be manually deleted.
A Symantec report quoted on cnet.com says that in 2012 the scam has really taken off. “From just a few small groups experimenting with this fraud, several organized gangs are now taking this scheme to a professional level and the number of compromised computers has increased. (And) Symantec has identified at least 16 different versions of ransomware.”
Cnet.com goes on to note, “One malware investigation mentioned in the report discovered 68,000 affected computers in a single month. Another one caught a Trojan attempting to infect 500,000 PCs over the course of just 18 days.”
In fact, cnet.com says cybercriminals look at ransom as a cash cow. “As much as 2.9 percent of all people affected by ransomware end up paying the ransom. (And cybercriminal) gangs have stolen more than $5 million a year from unsuspecting victims, according to one estimate.” Symantec believes that figure is likely on the low side.
All the gangs seem to get their ransomware from a single source. The mysterious “Mr. or Ms. X” appears to have a full-time job as a ransomware developer.
According to Symantec, ransomware is probably being upgraded as awareness of the scam increases. “(Attackers) and their malware are likely to evolve and use more sophisticated techniques to evade detection and prevent removal….The ‘ransom letter’ will likely also evolve and the attackers will use different hooks to defraud innocent users.”