Share This Page

Cyber-security experts warn computer users of 'explosion of ransomware'

| Thursday, Oct. 31, 2013, 12:01 a.m.

Thousands of consumers are getting a nasty shock when they turn on their computers.

They find their screen frozen with an alarming note from what appears to be a government agency claiming they've accessed child pornography or committed other crimes and demanding money to unlock their machines.

If they fail to pay, the note warns, the authorities will lock them up.

“It's probably the No. 1, end-user cybercrime now,” said Kevin Haley, director of security response at Mountain View, Calif.-based Symantec. “It's pretty serious.”

Experts say the risk of getting infected with “ransomware” can be minimized by making sure all of your software — including antivirus programs — are updated regularly, not opening spam or email attachments from people you don't know and avoiding suspicious-looking websites.

If that doesn't work, you may have to wipe the computer completely clean and reinstall your files. That assumes you have previously “backed up” or stored those files on a USB device, website service or some other way. If you haven't, your photos, financial records and other documents could be lost.

Windows-based computers often come with a recovery CD for restoring the operating system and other pre-loaded software. But restoring files can be complicated, and people who aren't tech-savvy may need to get help from a computer-repair store or other experts.

“It's a nasty type of malware,” concluded Andreas Baumhof, chief technology officer at San Jose, Calif., security company ThreatMetrix. “After one of these incidents, I'm sure people treat their online security differently.”

Although the money-extorting scheme has been around for years, it gained notoriety in 2005, when Russian crooks began using it. Since then, it has evolved to become one of the world's most pervasive and aggravating cyber schemes.

Symantec, one of several companies offering a free ransomware removal service, recently reported seeing an “explosion of ransomware” spread by criminal gangs. In one case alone, it noted, 500,000 computers were infected over a period of just 18 days.

At least 16 variations of the scam have been documented. A typical version freezes the victim's computer with a message bearing an official-looking FBI logo, accusing the person of having visited child porn websites and of sending “messages with terrorist motives.” It demands $200 or more to unlock the machine, adding, “you have 72 hours to pay the fine; otherwise you will be arrested.”

In earlier versions, victims were told to pay the ransom by sending a premium-rate text message, which was charged to their phone bill. More recently, crooks have demanded payment via prepaid electronic systems such as MoneyPak. Those are sold for cash in stores and provide coded numbers used to pay bills online.

“A conservative estimate is that over $5 million a year is being extorted from victims,” Symantec's report said, though it added that the actual total is “likely much higher.”

Experts generally advise against paying the ransom, because there's no guarantee the crooks will ever unfreeze the computer. If you do pay, said ThreatMetrix's Baumhof, all you can do is “hope and pray that the bad guys have some sense of humanity in them.”

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.