Recently, disturbing trends in cyber-attacks and Internet extortion have emerged. Cases of ransomware (malicious software that infects a host system and restricts access to it unless the user pays for a serial or unlock code) have been on the rise, as reported by PC World. One new version threatens to alert law enforcement about child pornography allegedly placed on the user’s computer, according to antivirus firm Sophos.
The malicious application, which Sophos antivirus detects as Troj/Ransom-HC, encrypts files on an infected computer. The encryption supposedly uses a 256-bit AES cipher, and the decryption key costs 3,000 euros, or about 3,800 USD (United States Dollars).
The ransomware produces an alert window with the following message every time a user attempts to open a file:
Your files has[sic] been descryptes[sic] using 256-bit Advanced Encryption Standart[sic]. To decrypt your files send us email with your ID to our special email: [REDACTED] or [REDACTED]
Because your computer has been hacked or someone spamming from your computer[sic]. You must pay a penalty within 96 hours otherwise we will send report to the Police with special password to decrypt some files which contain spam software and child pornography files. (This special password is only for this[sic] files, not for all of your files. Passwords for all your files we will send you only after payment[sic]). If first 48 hours will be ended you must pay 3000 Euro[sic].
Enter password for the encrypted file: ______________
In a blog post dated July 4, Graham Cluley wrote, “Users whose computers are hit by the malware are told to respond with a unique ID number to a Gmail or Live webmail address for the password that will unlock their data…You can imagine how disturbing this could be to a computer user who did not have a reliable recent backup of their important documents, spreadsheets and databases.”
It is advised that targets do not pay the ransom. There is no guarantee that the cybercriminals will contact the police—such an action will expose the cybercriminals to apprehension and even a mildly competent police officer will be able to see through the scam—and paying the ransom may encourage the cybercriminals to demand a larger ransom.
An older form of ransomware is Total Security 2009, which blocked all access to everything on the infected computer unless the user paid $79.95 for a serial number to unlock the program. All attempts to use the PC’s files without unlocking the program presented a false message that the file was infected.
It is advised to have a full backup of all files ready as a remedy to ransomware.
Elsewhere, a U.K. Home Office official has warned that the Olympic Games will face an unprecedented level of cyber-terrorism. At the July National Security 2012 conference, Counter-Terrorism director Richard Clarke stated that cyber-attacks will present the same level of potential disruption as physical attacks in previous games.
Clarke is quoted as saying, “The current threat level is at substantial and we recognize threat levels may change rapidly…With the scope to move to highest level of critical we will adapt to respond to changes and challenges. We remain vigilant against cyber issues in our preparation for Olympics…London 2012 is the biggest peace time security endeavor in the last 20 years. People are starting to realize the sheer scale and I think it’s staggering to see the amount of work that has been done.”