Kaspersky Predicts Ransomware Threats For 2007
'Ransomware Trojans' would be the key trend of cyber crime in 2007, said Eugene Kaspersky, head of anti-virus research at Russia's Kaspersky Labs. In addition to phishing, pharming and other frauds, the latest threat is ransomware extortion scheme.
Ransomware attackers use malicious code to capture user files, encrypt them and then demand lump-sum charges for supplying the decryption key. Such malware have been emerging from the past like Cryzip, and the GPCode.
These codes didn't create too much damage. But this year cyber criminals will use ransomware trojans with greater sophistication, believes Kaspersky. The last version of GPCode applied a 660-bit encryption key, which a powerful PC would have taken 30 years to crack. However, Kaspersky Labs decrypted it quickly, said Kaspersky in a statement for ZDNet publication on February 7, 2007.
Web-filtering software vendor, Websense documented one of the earliest recorded instances of ransomware in May 2005. When a panicked user made a call it showed the swiftness and intensity of the attack. The user suddenly found all the files on his computer in a format that made them illegible. There was only one legible file called "Important". It contained the attacker's instruction to the computer owner to contact via e-mail to obtain the decoder key. When the victim did so he received a note asking for $200. A potentially mischievous trick turned into a severe crime.
Kaspersky explained this was a dangerous crime because the attack happens even before the money can be wired. In the case of 'Distributed Denial of Service' attacks victims have the scope to involve police before paying the ransom. But if anyone falls for a ransomware Trojan, he or she might not get the police's interest as such ransoms usually range between $20 and $30.
Kaspersky said he was concerned by the rate at which law enforcement was catching Internet criminals. In 2004 they arrested 100 suspected online criminals. In 2005 the figure was around 400 but in 2006 it was only 100. It seems these arrests and resultant jail punishments were for only the stupid guys while the clever ones continued to operate, he said.
Related article: Kaspersky Released Malware Statistics for September 2008
» SPAMfighter News - 15-02-2007