Cybercriminals gangs are creating a surge in ransomware, says a new report from Symantec.
Ransomware is a type of malware best described as an online extortion racket. Malware locks or disables your PC in some way and then demands payment in the form of a "fine" to render your PC usable again. Like most scams, the ransomware message claims to come from a legitimate organization, such as the government or a public corporation, to try to convince victims that they did something wrong to incur the fine.
But paying the fine does nothing since the initial malware remains on the PC and must still be manually removed.
This scam has risen in popularity over the past several years, but 2012 witnessed an increase in both the number and variety of ransomware campaigns, Symantec said in its report. That growth is due largely to a upsurge in the number of worldwide criminal gangs using this scheme to make a buck.
"From just a few small groups experimenting with this fraud, several organized gangs are now taking this scheme to a professional level and the number of compromised computers has increased," the report noted. "Symantec has identified at least 16 different versions of ransomware."
One malware investigation mentioned in the report discovered 68,000 affected computers in a single month. Another one caught a Trojan attempting to infect 500,000 PCs over the course of just 18 days.
Criminals go where the money is, and ransomware can be a cash cow. As much as 2.9 percent of all people affected by ransomware end up paying the ransom, Symantec said. Criminal gangs have stolen more than $5 million a year from unsuspecting victims, according to one estimate, however, Symantec believes the dollar amount to be much higher.
Though a variety of different gangs are active, many get their ransomware from the same source, the report said. A single individual, who remains unknown, seems to have a full-time job of developing ransomware to fill requests from the criminal gangs.
One of ransomware's weaknesses is that it's usually obvious, Symantec noted. Many users who receive such messages simply scan their PCs, which then removes the Trojan associated with the ransomware.
But as more users fail to fall for the scam, the criminal gangs may simply fine-tune their methods of attack.
"As awareness of these scams increases, the attackers and their malware are likely to evolve and use more sophisticated techniques to evade detection and prevent removal, the report said. "The 'ransom letter' will likely also evolve and the attackers will use different hooks to defraud innocent users."