
August 28, 2007

Could Hackers "Kidnap" Your Data?

For years, I've pleaded with my clients and anyone else who'll listen to encrypt their confidential e-mails and computer files.  But now, a new breed of hacker has emerged—one who surreptitiously encrypts your PC files and then demands money to decrypt them. 

The idea of "ransomware" has been discussed among computer techies for over 20 years.  But the first ransomware attacks occurred only a few years ago.  In the last few months, though, they've been skyrocketing.  The security firm Secure Science Corp. estimates that in the past eight months 152,000 victims have been infected.

If you've been a victim of a ransomware attack, the first thing you'll probably notice is that your PC runs much more slowly than it does normally—like "molasses in January," one victim called it.  Next, you'll see text files appear on your desktop or in the "My Documents" folder.  They're usually entitled "README.TXT" or something similar. 

When you open the file, it will say something like this:

"Hello, your files are now securely encrypted using an unbreakable 4096-bit algorithm.  If you try to decrypt them, they will be automatically wiped.  The only way to decrypt them and avoid their destruction is to purchase our decryption key.  The price is US$1,000.  To make payment arrangements send an email message to hackerdude@netmail.ru."

As scary as ransomware sounds, it will probably never be as large a problem as "Trojan Horse" programs that silently take over your computer and steal your data without informing you of the intrusion.  In addition, given the sophistication of global anti-money-laundering efforts, it would be difficult for ransomware programmers to receive ransom payments in an untraceable manner, especially over a period of weeks or months. 

The most important precaution in dealing with ransomware is to back up your data daily.  Also, since lazy ransomware programmers sometimes encrypt only the data on your desktop or in your My Documents folder, it's a sensible precaution not to keep sensitive documents in these directories.

Ransomware typically arrives in files attached to e-mail messages, is embedded in the messages themselves, or is downloaded through insecure instant messaging or peer-to-peer applications.  To avoid being infected with ransomware (or other "malware"), beware of clicking on links in (or even opening) messages that look like spam (although many files containing malware have unsuspicious names or headers).

Also, while anti-virus software can't decrypt files that have been encrypted with ransomware, it can detect Trojan Horse programs or other malware that may contain ransomware.  So keep your anti-virus protection up-to-date and use a good firewall program such as Comodo to protect yourself.

Copyright © 2007 by Mark Nestmann
