Ransomware Thieves Make £3m A Year, Symantec Warns

Security specialist Symantec is warning of a resurgence of ransomware in Western Europe and North America.

The scam, in which malware encrypts data or makes a victim’s computer unusable unless a specific code is purchased, has likely reaped at least $5 million (£3.1m) in the past year, according to the company.

Below The Belt

In a recent campaign discovered by the firm, for example, almost 70,000 computers were infected in a single month, of which 2.9 percent paid the ransom to unlock their systems – that totals $400,000 (£249,937) for a single month, the firm said.

“This is as bad as it comes, in terms of hitting below the belt,” said Vikram Thakur, principal researcher for Symantec Security Response. “The attackers are targeting Europe and the US, because they think that people will pay up.”

The latest ransomware attacks first targeted Russia and other former Eastern Bloc countries in the last two years. Attacks had jumped by half from the first quarter to the second quarter of 2012, according to security firm McAfee. In late summer, however, security experts noted that the attacks had started targeting victims in several Western European nations, including Austria, France, Germany, the Netherlands, Switzerland and the United Kingdom. Now, North American computer users are targeted as well.

The attack usually occurs through a Web exploit or a so-called drive-by download, where the user is redirected to a Website that attempts to install malware on their system. Most often, the attack happens without any indication to the user that their computer has been compromised.

While past ransomware scams would encrypt the hard drive or critical files and charge for the decryption key, the latest variants tend to lock the system by gaining system-level access and blocking certain components from running. The program then displays a warning, imitating local law enforcement, that threatens to have the victim arrested unless a fine is paid within 72 hours.

To lend additional sinister urgency to the ransom demand, one message displaying the seal of the US Department of Justice warns victims that their IP address was used to visit explicit child abuse sites, adding that “spam-messages (sic) with terrorist motives were also sent from your computer.”

Desperate Users

Unlike other popular scams, such as fake antivirus software or banking trojans, ransomware prevents a victim from using their system or data. Unable to access their computer system, the victim typically becomes desperate, Thakur said.

“You have gone from being able to use your computer to nothing at all, and you have to rely on another computer or the phone to contact support or find help,” he said.

Symantec and other antivirus firms do not recommend paying. Many times the criminals will not send a code key and just take the users’ money. While some businesses attacked in Australia that complied with the ransomers’ demand for Au$3,000 (£1,955) have gotten encryption keys, victims can never be sure, says Thakur.

“At the end of the day, they are asking for money with no guarantees,” he said. “We have seen that code for uninstalling this ransomware does exist, but we believe that most of the groups don’t even have that function in their malware.”

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek
