{"id":245362,"date":"2010-01-29T06:00:00","date_gmt":"2010-01-29T11:00:00","guid":{"rendered":"tag:redtape.msnbc.com:\/\/8be91dbc36c68889b9fb3a955355457a"},"modified":"2010-01-29T06:00:00","modified_gmt":"2010-01-29T11:00:00","slug":"give-me-your-money-or-your-computer-gets-it","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/245362","title":{"rendered":"Give me your money, or your computer gets it"},"content":{"rendered":"

\"Rogue\"<\/a> <\/font><\/p>\n

Courtesy PandaLabs<\/em>
 <\/font><\/p>\n

Turning hijacked computers into cash is still hard work for most computer criminals.  They've got to trick the infected PC into sending spam, then trick a recipient into buying a useless product — or they have to steal online banking passwords, log onto a victim\u2019s account, bypass the bank\u2019s money transfer fraud controls, and so on.<\/font><\/p>\n

It's much easier to just demand cash directly from infected users — a crime that's the Internet's equivalent of kidnapping.  <\/font><\/p>\n

"Give me all your money or your computer gets it-" is the basic proposition.  <\/font><\/p>\n

The technique was dubbed "ransomware" many years ago by computer virus researchers, and is not new.  What is new is the explosion of ransomware, thanks to the evolution of ever-more-believable tactics during recent months.<\/font><\/p>\n<\/p>\n

In December, the FBI issued a warning about a broader category of malicious programs called "rogueware.\u201d These programs appear on users' machines and claim to find viruses, then offer to clean them for $50.  Rogueware looks so realistic — complete with Windows-like dialog boxes and scary warnings — that Web users were tricked into sending $150 million to criminals last year, <\/font>the FBI says<\/font><\/a>.<\/font> <\/p>\n

The new ransomware is similar, but far more aggressive.  Once a computer is infected with it, the program does more than recommend a software purchase \u2013it simply won't let users continue to use their PC until they pay up. <\/font><\/p>\n

<\/p>\n

Luis Corrons Granel, a researcher at Panda Security, said use of ransomware by criminals is exploding — 25 percent of all rogueware in the past quarter involved a family of intimidating products named "TotalAntivirus.\u201d It demands that users pay $50 for two years, $79 for a lifetime license.<\/p>\n

\u201cThe increase (in ransomware) has been really significant,\u201d Granel said. A single family of ransomware programs called \u201cTotal Security\u201d made up one-quarter of all rogueware programs detected during the past three months, he said. <\/p>\n

To an average user, most rogueware would be indistinguishable from other standard antivirus products.  They look like fully functional software, showing Windows-like screens for firewall settings, file scanning, and every other tab you'd expect from standard antivirus products. \u201cTotal Security\u201d even lets users choose their language — English, Spanish, and German are offered. <\/p>\n

The switch to ransomware by the bad guys makes sense, says Peter Cassidy, spokesman for the Anti-Phishing Working Group — because computer criminals are refining their programming methods, and getting more aggressive about taking people's money.<\/p>\n

\n<\/object><\/p>\n

See ransomware in action with this video from PandaLabs.<\/em><\/font><\/p>\n

"Instead of trying to fool people and getting one out of 1,000 to pay, what they're doing now is just locking up the PC and telling them they have to pay," he said.  "It's a really violent approach, really nasty."<\/p>\n

There might be one silver lining to the rise of ransomware, Cassidy said.  <\/p>\n

"It's not in that gray area of selling people useless crap," he said.  \u201cIt\u2019s clearly criminal, and extortion does get the attention of law enforcement officials.\u201d<\/p>\n

As is customary, computer criminals are fusing this new attack with successful, older methods, said John Harrison, a security researcher at Symantec Corp. In one recent example, criminals first engaged in search engine "poisoning," so their booby-trapped Web sites would rate high in Google searches about Haiti\u2019s earthquake. Visitors who clicked were tricked into downloading the ransomware software; and then were confronted with extortion demands.<\/p>\n

"That's their distribution model," Harrison said -. "They used to do it subtly, but now they are doing it much more brazenly."<\/p>\n

<\/font><\/p>\n

\"DataDoctor\"<\/a> <\/font><\/p>\n

Screen capture provided by PandaLabs.<\/em><\/font><\/p>\n

In some versions, users will see a message that says, "Google recommends you install this," or "Microsoft recommends you turn this feature on- \u2026 then, they take over your computer and all of a sudden it looks like you have 900 viruses," he said.  <\/font><\/p>\n

The latest flavor of ransomware, described on Jan. 8 by security firm F-Secure<\/a>, doesn't disable all software, but it does something just as debilitating — it encrypts all the files on a victim's computer, and forces them to pay for decryption.  The program, which calls itself Data Doctor 2010, costs $89.<\/font><\/p>\n

RED TAPE WRESTLING TIPS<\/strong>
In some cases, researchers say, paying the ransom does work, at least initially. Still, it's a terrible idea to pay. On a grand scale, you've just subsidized a criminal. But there are far more practical concerns — why would you trust the author of ransomware with your credit card number?  Perhaps you think you'd never do this, but remember, the FBI says rogueware writers have made $150 million, so someone is paying up.<\/font><\/p>\n

If an unexpected antivirus dialog box lands on your computer screen, close the window immediately by clicking on the 'x' in the upper-right hand corner.  Don't use the "OK\/Cancel" buttons in the window — criminals often reprogram these.<\/font><\/p>\n

You may or may not be infected anyway — it's possible you are already the victim of a "drive-by download" that doesn't require user interaction. So run an antivirus scan, if you can.<\/font><\/p>\n

If the rogue software has actually taken over your computer, physically disconnect it from the Internet to avoid having your personal information sent back to the criminal. Then go to a different computer to search for solutions. Type in the name of the rogue software and search for information on well-known antivirus Web sites. Many antivirus firms offer free cleaners you can download or place onto a USB memory stick, and run on your infected computer.<\/font><\/p>\n

But maintain healthy suspicion at all times. Ransomware authors have gone so far as to create fake software reviews about their products and place them around the Internet, even stealing logos from reputable technology publications, says Harrison.<\/font><\/p>\n

"The idea is you search for information about the program and this turns up, and you figure it's ok so you install it," he said.  "Some of this is soft sell, some is very hard sell."
As always, it\u2019s never a good idea to follow links in e-mails when heading to Web sites \u2013 it takes an extra moment, but always click into your browser\u2019s address bar and manually type the address.<\/font><\/p>\n

 Become a <\/font><\/span><\/strong>Red Tape Chronicles Facebook fan<\/font><\/span><\/strong><\/a> or follow me at <\/strong>http:\/\/twitter.com\/RedTapeChron<\/strong><\/a><\/span><\/font><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/font><\/span><\/span><\/span><\/span><\/span><\/p>\n<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"

  Courtesy PandaLabs  Turning hijacked computers into cash is still hard work for most computer criminals.  They've got to trick the infected PC into sending spam, then trick a recipient into buying a useless product — or they have to steal online banking passwords, log onto a victim\u2019s account, bypass the bank\u2019s money transfer fraud […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-245362","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/245362","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=245362"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/245362\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=245362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=245362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=245362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}