Ransomware – our money or your files

Imagine someone getting access to your computer, encrypting all your family photos and other priceless files, and then demanding a ransom for their safe return. That is what ransomware is all about, according to a report from the BullGuard Newsletter.

Ransomware is a type of malware used for data kidnapping: it takes your data hostage by encrypting it with supposedly unbreakable encryption algorithms, then demands payment in exchange for the decryption key.

Ransomware works in various ways and demands different ransoms. One ransomware Trojan searched a victim’s hard disk drive for 15 common file types, including images and Microsoft Office file types. It then encrypted the files, removed the originals and dropped a note asking $200 for the encryption key. Another piece of ransomware froze a victim’s system and threatened to delete files every 30 minutes until an amount of $10.99 was sent to a particular account.

Instructions on how to recover encrypted data are typically left on the infected PC. A “ransom note” from the summer of 2007 looked like this:

“Hello, your files are encrypted with RSA-4096 algorithm. You will need at least a few years to decrypt these files without our software. All your private information for last the 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300. If you will not contact us before 07/15/2007 your private information will be shared and you will lose all your data.”

There have also been examples of webmail (in most cases Hotmail) accounts being hijacked, with all mail and contacts erased. The only remaining message: a ransom note demanding payment for the return of the deleted data.

Although ransomware trojans are still rare, the number has been rising. In the second quarter of 2006 it rose 30%, and in February 2007 a leading security researcher said that ransomware trojans would be a key threat in the future. From November 2006 to July 2007, a security company recovered 14.5 million records from over 152,000 unique victims. This data was all stolen using one single ransomware trojan called GpCode.

Ransomware first appeared in May 2005. It is also known as a cryptovirus, cryptotrojan or cryptoworm.