In the old days, pre-digital that is, a popular extortion method involved heartless criminals kidnapping family members, who were then held to ransom until money was handed over. In worst-case scenarios, body parts were removed and sent back to prove how serious the kidnappers were. In extreme cases, the hapless victim was murdered to prevent them identifying the criminals.

Today’s ‘digital criminals’ have worked out a way to extract ransom money from unsuspecting internet users via ‘ransomware!’ There is little fear that the victims will come to any physical harm, but their computer, and its contents, just might.

A ‘ransomware’ attack goes something like this. You have just opened a web page but it suddenly goes grey, then a window emerges purporting to be from a national crime authority; depending on where you are located, it could be the FBI in the U.S. or the Federal Police in Australia. It all looks very authentic, too, and it states that you have been violating copyright laws by downloading illegal content, viewing pornography or similar damning claims, and that your computer has been locked.

The ‘offenses’, you are told, are punishable by a fine or jail term of up to three years. There’s only one way to unlock your computer, according to the warning on your browser, and that’s to pay up. And if you don’t pay the specified “fine” within 48 or 72 hours—often by purchasing a prepaid cash card such as Green Dot’s Moneypak, which makes the transaction hard to trace—it claims that you’ll be locked out of your machine permanently, have your files deleted and face criminal charges to boot.

Of course, the criminal charges are bogus, but nevertheless unnerving, especially if you have been involved in one of the activities mentioned. What is more frightening is the fear of being locked out of your computer and, even worse, losing all your files. This threat is, in fact, very real with a number of ‘victims’ reporting their files actually being deleted.

There are many variants of ‘ransomware’ being reported, and some people are actually paying up. It’s pretty easy to see why, but there are alternatives. The version described above is actually the product of a virus called Reveton. reports that “you can contract it either by clicking a malicious link or visiting an infected website, which triggers an automatic download. Beneath the video feed (that also appears) and registers the surprise on your face as you recognize yourself, are your computer’s IP address and hostname and an urgent message: ‘Your computer has been locked!’ Scroll further and you’ll find yourself accused of possessing illegally downloaded files in violation of federal copyright laws.”

So what should you do if this happens to you? As further explains, “Once the malware has control of your machine, chances are that most of the damage has already been done. First, instructs Sophos’ Paul Ducklin in a helpful video, don’t panic and don’t do anything rash. Ignore those threats not to tell anyone about the attack. Unless you’re an expert yourself, it’s absolutely a good idea to enlist the help of a computer security expert to help you figure out how to handle it. There’s a chance that an antivirus program could do the trick, but in most cases, you’ll have to reinstall your operating system from the ground up.”

I would suggest disconnecting from the internet at the very least. Apart from stressing the obvious, that you should avoid dubious websites and links and have the latest updates of your OS and antivirus software in place, keeping a recent backup to recover from would be the best advice. Whatever you do, don’t pay up; it will only encourage more of the same.

First published at TM Forum as The Insider, 8 November, 2012