Ransomware: a Christmas present no one wants

Browsing on my PC during the festive season, I was hit with the nastiest piece of malware I’ve ever had to deal with. An official looking message popped up, replete with NZ Police logo, telling me that I had in some way broken the law and was subject to jail sentences and fines. These would go away if I paid $100 to “The State” by using Ukash, a form of bitcoin.

The ransomware had locked my PC. I couldn’t even start it in safe mode. A technical friend worked on it for some hours and eventually managed to install some strong anti-malware software after many attempts.

Ransomware has been around for a few years but it has become increasingly sophisticated. It’s broadly known as Cryptolocker. In the UK last year, the software was demanding two bitcoins to unlock the computer, which at the time was equivalent to around 500 pounds. It was sufficient for British banks and police to put out a warning.

Symantec technology specialist Mark Shaw says the company has been tracking the growing maturity of ransomware threats since they came on the scene in 2009.

“These primarily focused on locking the user’s screen and displaying a ransom note, often leveraging geolocation services, customising the note to make it appear as if it were from a law enforcement agency,” he says.

“In 2013, the practice of encrypting all files and folders, while not new, has increased through the proliferation of well-known malware such as Cryptolocker. These are relatively sophisticated threats that encrypt local and network-connected files and folders. Due to the strong encryption algorithms used, if is often not possible for the user to decrypt the files.

“Users are typically infected by opening an infected attachment in an email or by ‘drive-by-downloads’ simply by browsing an infected website.”

Don’t pay the ransom, he warns. “If these scams make money for their authors, it will only encourage the attackers. Payments will fund new research and development for new and more sophisticated attacks. There is also no guarantee that paying the ransom will unlock the encrypted files.”

Symantec recommends that all computers be kept up to date with patches for operating systems, browsers and other applications. Shaw says you should ensure that you have a reputable endpoint security solution in place and that this is up to date. “Also ensure that you are performing back-ups of your important files,” he says. “Never open an attachment unless you’re expecting it and you know its origin.”

A Symantec security response white paper entitled “Ransomware: A Growing Menace”, published late in 2012, showed that up to 2.9 per cent of victims end up paying ransoms. Shaw says that number is significant, given that fees range up to $500, and that one gang was observed attempting to infect 495,000 computers over the course of just 18 days.

In New Zealand, Netsafe reported last October that it was aware of more than 500 instances of ransomware here. That may be just the tip of the iceberg.