Friday, June 09, 2006

Scambusters

With the online economy booming, it is becoming common for people to spend more and more time and money on the Internet and to turn to online options for diverse needs. With more money on the web comes the threat of more trouble.

Scambusters is a website devoted to busting scams on the net, ranging from viruses, Trojans, backdoors, hoaxes, chain mails, false emails and phishing to online scams, e-fraud, identity theft and many more threats.

It is a favourite read for me and keeps me updated on what is happening in the online world and how to keep oneself protected. Simple and practical advice, in a no-nonsense format!

Recently they covered a new type of threat called Ransomware. Have a look below at the article. I strongly suggest you subscribe to their newsletter.


<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>
Ransomware: How to Protect Yourself
<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>

Let's start with: what is ransomware?

Just like thieves kidnap people and then demand a ransom to return them unharmed, ransomware is an extortion scheme whereby thieves hijack the victim's computer files and then demand a ransom so the victim can have them back in their original condition.

More specifically, malicious code is used to seize control of the victim's computer and hijack the computer files, and the files are then encrypted by this malicious code. So, all of a sudden, a user's computer files are in a format that is not readable by humans!

This can be very disconcerting, to say the least.

The scammer then demands payment in exchange for the decryption key.

The amount of ransom can vary quite dramatically. Scammers who ask for small ransoms of $10 have generally been much more successful than thieves who ask for several hundred dollars.

Payment is often demanded through some type of online currency, such as Webmoney or eGold, although wiring money via Western Union is not uncommon.

Ransom.A is one program that claims it will destroy one computer file every 30 minutes until the victim pays the ransom. (In this case, however, Ransom.A doesn't actually delete or encrypt anything -- it's a hoax. Nonetheless, it's probably a very effective hoax.) ;-)

Another ransomware program, Trojan.Archiveus, is a Trojan horse that password protects files and then asks the user to pay the ransom to get a password that unlocks the files. In this case, the virus writer made the critical error of placing the password in the code.

According to Symantec, the password is: mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw

Read more about Trojan.Archiveus

Recently, security experts have discovered a new ransomware variant in which the scammer demands that the victim purchase a specific amount of pharmaceutical drugs from a Russian pharmacy to meet the ransom demand.

Ransomware programs also may try to embarrass victims to get them to comply quickly, using tactics like displaying adult images.

Ransomware is currently a PC (and not a Mac) problem.

Ransomware attacks can occur via email attachments or direct access to a computer network; however, most ransomware attacks are browser-based.

For example, the Web-filtering software company Websense described one ransomware case in which someone visited a website that was hacked. A Trojan horse entered the victim's network and was able to search all of the system directories and mapped drives. After the program encrypted the files and left a ransom note, it deleted itself.

Until now, cases of ransomware have been quite rare, but they are increasing at a very fast clip right now. That's why we wanted to alert you to this threat now.

A related threat, which is currently more common than ransomware, is for a hacker to break into a company computer system to prove he can do it, and then demand payment for not attacking the system.

Security experts say that some gaming sites have experienced this threat and have paid up to tens of thousands of dollars to avoid the attacks.

How to protect yourself from ransomware: The good news is you don't need special ransomware products to protect yourself or your computer network from ransomware.

Rather, the same methods of protecting yourself that we've been recommending for your general computer security apply: use firewalls, use up-to-date anti-virus and anti-spyware software, and keep your browser, system software and other software up-to-date with the latest patches.

Further, we recommend you use a pop-up blocker if you don't already. A lot of ransomware is delivered via pop-ups. And of course, be very careful about downloading software -- games, screensavers, etc. can include ransomware.

Last but certainly not least, it is vital to back up not only your personal computer files very regularly, but your system files as well.

You can read more about ransomware (and PC backup suggestions) from Brian Krebs on the Washington Post blog:

Read the Washington Post Blog

Time for us to take a walk through the mountains! We'll see you next week.
<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>
