Hackers get Greedy - Ransomware on the Rise

It seems virus and spyware writers are getting greedier. Now they're not content just to infect computers - they're charging a ransom for their removal.

There was a time teenagers and college students would write viruses just to prove they could break through the security of some of the world's major software vendors. A while back spammers got into the act, hijacking systems to send out millions of emails, many of them phishing attacks trying to get unsuspecting users to hand over their internet banking details.

Of late, however, virus, trojan and spyware writers - including a number of "official" companies - have started trying to get paid directly by threatening, confusing and tricking users. I came across a particularly bad case of this last week, where I got up close and personal with a fairly new category of malicious software, known as Ransomware.

When working from the F18 Worlds last week, I was using a laptop belonging to the skipper of one of the official boats to post real time results from the course, which happened to be out in Great Keppel Bay. The laptop was running very slowly, and trying to load up websites using the otherwise fast NextG service from Telstra. After a bit of poking, I realised there was a lot of nasty processes running on the machine.

While there was probably more than one piece of spyware or other malware (short of malicious software, including viruses, trojans, etc) running on poor Allan's laptop, one persistent and particularly nasty fellow caught my attention. It popped up from the taskbar every 30 seconds, warning me that the computer was compromised, and when I clicked on the yellow balloon - the same sort of helpful balloon that tells me I've got too many icons on my desktop, or that Outlook is getting the latest data from Exchange - it loaded up a website for SpyDawn - coverage of this nasty product in more detail here - and asked me to purchase the software to remove the virus.

Effectively, this software had installed itself - either through an infected attachment or from a parasite attached to some other program Allan had installed - and then badgered the user with false messages about a security breach which could only be remedied by paying a fee. This software, and other programs that modify your system and require you to pay to get control back are generally known as Ransomware.

If you ever have a program warning you to take an action to protect your system, and it throws you to a page asking you to purchase the software to use it, don't! Some legitimate shareware takes this approach - it helps you diagnose a problem and then asks you to register to clean things up - but you generally shouldn't ever need to do this, as there are free and reliable alternatives out there:

  1. To remove viruses, visit http://housecall.antivirus.com - it is a trustworthy site run by TrendMicro, and will scan and clean your machine for free without having to download a special program.
  2. To remove spyware, download and install Windows Defender, a product from Microsoft that's free to Windows users.

While there have always been criminal elements trying to steal and extort, the internet and computers have made it much easier for con artists and thieves to trick users into giving them money or access. As always, never install software if you don't know where it came from, be very suspicious of email attachments - particularly ones ending in .exe - and make sure you use up-to-date anti-virus software and a firewall.

Comments (0)

No one has commented on this page yet.