Forget malware infections, hackers want to ransom your files and devices
These days, cybercriminals seem to have one thing on their minds: your money. Gone are the days when a virus would simply infect your .exe files and make your system hard - or damn near impossible - to use. It's bad enough that the bulk of the malware and malicious web scripting we're confronted with on a daily basis wants to trick us into installing rogue antivirus software, which then tries to scare users into paying to "register" the useless scareware. Now they're moving up to hostage taking.
Yep. Digital hostages could be the next big thing in cybercrime, whether it's your iPhone or your important .DOC files.
Ars Technica recently reported on one hacker who broke into jailbroken iPhones - specifically ones whose owners had installed SSH and left the default root password in place - changed the lockscreen to display the warning shown in the screenshot, and asked for €5 to leave users alone. He also promised to provide a link to instructions on how to prevent this particular hack.
In this particular case, the hacker had a change of heart and has now posted the removal instructions at no charge. If we've heard about one, chances are good there are dozens more, many of whom won't show this kind of courtesy after the fact.
iPhones aren't the only thing under attack. Computer Associates has discovered a new ransomware variant called LoroBot that targets a PC user's data - specifically .doc, .xls, .zip, .mp3, .txt, .docx and .xlsx files, among others. Once a system is infected, the malware goes to work encrypting those files so you can no longer open them.
The only way to get them back? Why, pay the piper, of course: $100 buys the file needed to undo the encryption. Fortunately, CA has also released a free tool that decrypts the files if you've been hit. Rogue antivirus apps were once fairly uncommon and now they're everywhere. Could ransomware be the next big thing?
One thing is for sure: if you're running Windows you're using the most popular OS in the world, and because of its massive market share it's the number one target for malware. Make sure your system is fully patched and you're running a good antivirus app. And since a free decryption tool won't always exist, keep an up-to-date backup of your documents somewhere the malware can't reach; that is what actually gets your files back.
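Ransomware of the LoroBot kind leaves a detectable trace: a .doc or .xls that has been encrypted in place no longer starts with its format's header bytes, and its contents look like random noise. The script below is an added example of that check, written for this page; it is not CA's removal tool and contains no LoroBot code. The magic numbers are the real ones for each format, while the entropy threshold, the sample files and the SHA-256 XOR keystream used to stand in for the malware's cipher are assumptions made for the demonstration.

```python
"""Heuristic scan for document files that appear to have been encrypted in
place, as a ransomware indicator. Added example, not CA's tool or LoroBot
code. Magic numbers are real; the entropy threshold, the constructed sample
files and the XOR keystream stand-in for the malware's cipher are assumptions."""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Extensions the article says LoroBot targets, with the bytes each format
# normally starts with. A file encrypted wholesale loses this header.
MAGIC = {
    ".doc":  [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],            # OLE2 compound file
    ".xls":  [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".docx": [b"PK\x03\x04"],                                  # Office Open XML is a ZIP
    ".xlsx": [b"PK\x03\x04"],
    ".zip":  [b"PK\x03\x04", b"PK\x05\x06"],                   # second form: empty archive
    ".mp3":  [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],  # ID3 tag or MPEG frame sync
    ".txt":  [],                                               # no header; entropy only
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed. Ciphertext approaches 8.0.
SAMPLE_BYTES = 4096      # only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, head: bytes) -> bool:
    """True when a targeted extension has lost its magic bytes and its head
    is near-random. Compressed formats (.zip, .docx) are high-entropy by
    nature, so an intact header is what clears them."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return False
    if any(head.startswith(m) for m in MAGIC[ext]):
        return False
    return shannon_entropy(head) >= ENTROPY_THRESHOLD

def scan_dir(root: str) -> list:
    """Walk `root` and return the paths whose heads look encrypted."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if looks_encrypted(fn, head):
                hits.append(path)
    return sorted(hits)

def fake_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Stand-in for the malware's cipher, used only to build constructed
    samples: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(plaintext), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[off:off + 32], ks))
    return bytes(out)

def demo() -> list:
    """Write constructed sample files to a temporary directory, scan it and
    return the base names that were flagged."""
    key = b"constructed-demo-key"
    xls = MAGIC[".xls"][0] + b"Sheet1 budget figures\x00" * 120
    mp3 = b"ID3\x03\x00" + b"\x00" * 5 + b"TIT2 demo song frame " * 120
    txt = b"Dear customer, your invoice is attached.\n" * 60
    samples = {
        "report.docx": b"PK\x03\x04" + bytes(range(256)) * 8,        # header intact
        "notes.txt":   b"Quarterly notes: revenue up, costs flat.\n" * 40,
        "photo.jpg":   fake_encrypt(b"\xff\xd8\xff\xe0" * 500, key),  # not a targeted type
        "budget.xls":  fake_encrypt(xls, key),   # header gone, body near-random
        "song.mp3":    fake_encrypt(mp3, key),
        "letter.txt":  fake_encrypt(txt, key),   # no magic: entropy alone decides
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in scan_dir(d)]

if __name__ == "__main__":
    print(demo())  # ['budget.xls', 'letter.txt', 'song.mp3']
```

Run it against a user's document folders after a suspected infection, or on a schedule so a sudden jump in the number of hits raises an alert before the ransom note is read. The header check matters: a .docx or .zip is already compressed and scores near 8 bits per byte while perfectly healthy, so entropy alone would flag every untouched archive. Expect the occasional false positive on a .mp3 that starts with padding rather than an ID3 tag or frame sync; this is a triage heuristic, not proof of encryption.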

Reader Comments
Peter said 7:01PM on 11-03-2009
Just another reason why you need a good set of backups.
blaszta said 9:06PM on 11-03-2009
"...exploited vulnerabilities in jailbroken iPhones..."
I think the problem is ignorance of the user, not the jailbreak procedure itself.
The standard jailbreak procedure won't install and activate the SSH service. If the user knows how to add and activate the SSH service, he should at least know what SSH is first (whether or not he knows that the default root password of any iPhone is alpine). And if you activate SSH, at least change the default root password using the "passwd" command at the terminal.
That's a basic concept in the *nix world, but not many people (at least iPhone jailbreak users) know it.
enerGI said 6:29AM on 11-04-2009
Pffftt, hackers and the like wanting my hard-earned can go and get stuffed, but they only need a small percentage of people dumb enough to pay up to make some good $$$. Fools and their money are soon parted.
Beth Jones said 2:16PM on 11-06-2009
We talked about this here:
http://www.sophos.com/blogs/gc/g/2009/11/03/hacked-iphones-held-hostage-5-euros/
As we stated in the article, the hacker did take down the link and reportedly returned the money. But the concept has been proven.
We've seen this tactic before. Back in 2006 we saw a Trojan that encrypted the contents of My Documents and then dropped a file that had "instructions" on how to get your stuff back. It usually involved sending money or buying stuff from a CanPharm page. Here's the post if you are interested:
http://www.sophos.com/pressoffice/news/articles/2006/06/arhiveus.html
and here's the money tactic:
http://www.sophos.com/pressoffice/news/articles/2006/03/zippo.html