Security specialist Symantec is warning of a resurgence of ransomware in Western Europe and North America.
The scam, in which malware encrypts data or makes a victim’s computer unusable unless a specific code is purchased, has likely reaped at least $5 million (£3.1m) in the past year, according to the company.
In a recent campaign discovered by the firm, for example, almost 70,000 computers were infected in a single month, of which 2.9 percent paid the ransom to unlock their systems – that totals $400,000 (£249,937) for a single month, the firm said.
“This is as bad as it comes, in terms of hitting below the belt,” said Vikram Thakur, principal researcher for Symantec Security Response. “The attackers are targeting Europe and the US, because they think that people will pay up.”
The attack usually occurs through a Web exploit or a so-called drive-by download, where the user is redirected to a Website that attempts to install malware on their system. Most often, the attack happens without any indication to the user that their computer has been compromised.
While past ransomware scams would encrypt the hard drive or critical files and charge for the decryption key, the latest variants tend to lock the system by gaining system-level access and blocking certain components from running. The program then displays a warning imitating local law enforcement that threatens to have the victim arrested if they do not pay a fine within 72 hours.
To lend additional sinister urgency to the ransom demand, one message displaying the seal of the US Department of Justice warns victims that their IP address was used to visit explicit child abuse sites, adding that “spam-messages (sic) with terrorist motives were also sent from your computer.”
Unlike other popular scams, such as fake antivirus software or banking trojans, ransomware prevents a victim from using their system or data. Unable to access their computer system, the victim typically becomes desperate, Thakur said.
“You have gone from being able to use your computer to nothing at all, and you have to rely on another computer or the phone to contact support or find help,” he said.
Symantec and other antivirus firms do not recommend paying. Many times the criminals will not send a code key and just take the users’ money. While some businesses attacked in Australia that complied with the ransomers’ demand for Au$3,000 (£1,955) have gotten encryption keys, victims can never be sure, says Thakur.
“At the end of the day, they are asking for money with no guarantees,” he said. “We have seen that code for uninstalling this ransomware does exist, but we believe that most of the groups don’t even have that function in their malware.”
Originally published on eWeek.