
Ransom malware gangs making huge profits, Symantec discovers

The new scareware


The problem of ransom malware has reached epidemic proportions and could be extracting fraudulent payments from as many as 3 percent of victims, a Symantec report has calculated.

In a world already afflicted by botnets, banking Trojans and established problems such as keyloggers and spam, ransomware – programs that ‘lock’ victims’ computers or files until a ransom payment is made – has grown into a major problem, with surprisingly little coverage from security vendors until recently.

Symantec’s report Ransomware: A Growing Menace attempts to shed more light on the problem and comes up with some disturbing findings.

The scams uncovered by the trawl are remarkable for the scale of their ambition, the localisation they employ to help dupe victims and the sheer aggressiveness of their tactics.

The company identified at least 16 distinct families circulating among mostly Russian-based criminal groups, each with its own development cycle. Several of these could have originated with a single master programmer, suggesting a layered industry not unlike that which developed around fake antivirus programs four years ago.

Coming in a variety of forms – a popular tactic is to impersonate national police forces – the criminals demand payment from PC users for a variety of bogus ‘crimes’ such as using unauthorised software or downloading illegal content.

Sums demanded range from $50 to $200. Disturbingly, Symantec's investigation of one command and control server found that in a single month as many as 2.9 percent of 68,000 people infected by the malware it controlled were paying up.

On one particular day that would have netted the criminals $33,600 (£21,000) minus any losses incurred during money laundering. In a year, some groups must be earning millions from ransom scams, which explains the alarming growth of the problem.

Although under-reported, there are plenty of examples of ransomware attacks if you join up the dots.

Last month, 30 businesses in one Australian state were reported to have been hit by ransom malware, with one reportedly paying AUD $3,000 (£1,950) to get the PIN number to unlock their files.

This followed on from earlier warnings by the FBI and UK police that they were receiving a growing number of reports of attacks on consumers. In one incident a medical server in the US was locked up by attackers that demanded a payment be made to retrieve the data intact. These are only the reported attacks – many will go unrecorded.

"As awareness of these scams increases, the attackers and their malware are likely to evolve and use more sophisticated techniques to evade detection and prevent removal. The 'ransom letter' will likely also evolve and the attackers will use different hooks to defraud innocent users," Symantec's researchers conclude.

The firm identifies three eras of ransomware, starting with isolated file encryptors that originated in Russia in 2006. By 2009 the phenomenon was expanding to the lock screens that demand payment; by 2011 ransomware was sophisticated enough to take payments through electronic systems and had started using impersonation as its major line of attack (where criminals will pretend to represent police forces).




Mike Reilly said: interesting you have any links for more on libs

1Citizen said: It's easy enough to avoid getting malware on your computer, but many people think of their PCs like TVs, and Microsoft seems to encourage that view with each new operating system.

gv280z said: This happened to me too, twice actually, and the 2nd time it turned my webcam on and all of a sudden I see myself on screen as I'm getting over my initial shock. I was able to kill the attack by going into safe mode and running ComboFix from www.bleepingcomputer.com, and that did get it.

Joy said: Anonymous - For you to state that you understand I am correct, and to sign in anonymously, says it all.

I Call B.S. said: Joy - Your tin foil hat is a little too tight.

chris said: Yup, and that's how easy it is. Just boot into safe mode and use Malwarebytes antimalware. Best program there is.

Satariel said: Yeah, let's kill everyone who does something we don't like. Just like how Hitler did.

cocoman said: Happened to me once, and I whipped out the disc and rebooted the whole mess back into my computer. Problem solved, and a new computer too.

Joy said: Laser-Induced Breakdown Spectroscopy (Libs) is what the chemtrails are. It is a part of a global criminal layered attack on people everywhere. This crap sprayed in the skies that then falls to the earth, and all it takes is electronic equipment etc. for a wall of Gaussian to be brought up so that no camera anywhere will be able to document accurately any evidence of criminal activity. I am talking about criminals of highly organized, educated and resourceful positions.

Jaynicia said: I got a virus like that; it was called Win 7 Antivirus 2012. It locked up any exe file so I couldn't execute anything. It kept running this virus scan and at the end of it told me I had to register and pay 3999 for it. Well, hang that crap. I logged in under the safe mode with networking, went online with the name of the virus and found a way to fix it. I had to download AntiMalwareBytes Antivirus and another search and destroy program and cleaned out my computer. I invested HEAVILY in AntiMalwareBytes after that.

litigator said: These crimes are so frustrating that you do feel like there should be the harshest punishment for the perpetrators. People who create viruses should use their talents to better the world, not to hurt as many people as they can.

Whippit said: Find them and put a bullet in their heads
