Symantec has reported, in an article titled "Ransomware: A Growing Menace", that at least three percent (3%) of ransomware victims have been defrauded into making ransom payments to cybercriminals, driving this type of crime to a large scale.
According to the report, the ransomware has as many as 16 strains, all of which are controlled by various gangs of cybercriminals (mainly based in Russia). Investigations have reviewed how the ransomware is operated and how the control servers are being compromised. The investigation revealed that at least 68,000 computers have been infected by this malware. The monetary demands range anywhere from $50.00 to $200.00. If as many as three percent (3%) of the victims paid to have their services restored in a single month, this could have earned the cybercriminals as much as $394,000.00 (US dollars) for that month. With this type of revenue, cybercriminals could potentially scam victims out of more than $1,000,000.00 per year.
Reveton, a newly created Trojan ransomware program, coerces targeted victims into paying bogus fines. What makes this program unique is that instead of just using pop-ups or displaying messages, it plays a pre-recorded voice message saying that the notice is from a law enforcement agency. Because the ransom demand appears to be valid and to come from a police agency, this kind of malware is also referred to as "police ransomware". Often, the message claims that the user has been loading illegal data onto their computer and is being fined. Once a computer is infected, the program can prevent you from using it further and will lock it until the ransom has been paid.
The Reveton malware belongs to a class of ransomware that is able to encrypt files and demand payment. Once the funds have been received, the perpetrator 'claims' that they will restore your computer system and return it to its customary settings. Remarkably, until recently, there has been only minor involvement from security vendors in protecting against this type of infection. Ivan Macalintal, a Trend Micro research manager, stated in a blog post that, “The user won’t need a translator to understand what the malware is saying — it speaks the language of the country where the victim is located.”
The malware has also victimized as many as thirty (30) businesses in Australia. These include insurance companies, retail sales businesses, and medical businesses, to name a few. Many of the companies that were ordered to pay the fake fine obliged and paid via Western Union (or other methods), either in fear of losing their data or because they wanted to remain anonymous; other businesses contacted their local police to conduct further investigations.
David Harley, a senior antivirus researcher at ESET (an antivirus software vendor), stated, “There has been the occasional instance of malware with sound effects… However, malware with a regionalized, quasi-personalized voice message is new on me.” He also indicated that, due to the accent of the message, many individuals may find it somewhat intimidating, especially if it appears to be a message from the FBI (Federal Bureau of Investigation).
Harley, as well as other antivirus researchers, is advising individuals not to submit to the cybercriminals' demands, as there is no guarantee that the criminal will restore or unlock your computer. Paying would leave you out of pocket not only for the ransom money but also for the cost of reconfiguring the computer or buying a new one. In the majority of cases, the victim pays the ransom and never hears from the criminal again.
In May 2012, the first ransom cases were reported by computer users in the U.S. and Canada. By November 2012, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Internet Crime Complaint Center (IC3) issued an alert that Reveton was being spread as a Trojan program and was using IC3's name in its bogus alerts.
As these ransom scams continue to rise, so do education and awareness about prevention, detection, and the steps to take once the ransomware has been identified. Unfortunately, as users become more educated, criminals are simultaneously developing more sophisticated methods to hack into your computer and prevent you from removing the virus.
Series of Events
If your computer is infected with this type of virus or ransomware, it is recommended that you either contact your antivirus vendor's helpdesk or download an antimalware application capable of detecting and safely removing such a malicious threat.