X

Antivirus expert: 'Ransomware' on the rise

Kaspersky warns 2007 will bring increase in extortion schemes to encrypt your data and hold it hostage.

Graeme Wearden Special to CNET News.com
See full bio
Graeme Wearden
2 min read
SAN FRANCISCO--Online criminals are turning away from threatening companies with massive cyberattacks in favor of encrypting a victim's data and then demanding money to decrypt it, an antivirus expert has claimed.

Eugene Kaspersky, head of antivirus research at Russia's Kaspersky Labs, told the RSA Conference here Tuesday that the use of so-called "ransomware Trojans" is a key trend for 2007.

This malicious software infects a PC, encrypts some data and then displays an alert telling the victim to send money to get the decryption key needed to access their data again. Such malicious software isn't new. Early examples include Cryzip, discovered in March 2006, and GPCode, discovered in May 2005.

Cryzip and GPCode didn't cause massive damage, but Kaspersky believes cybercriminals will refine their use of ransomware Trojans this year. The final version of GPCode used a 660-bit encryption key, which should have taken a single powerful PC around 30 years to crack but was actually broken quickly by Kaspersky Labs, he said.

"We cracked it in 10 minutes," Kaspersky explained, "because this guy did not read the cryptographic book until the end. But if he does get to the end, antivirus vendors will not be able to decrypt and recover your data without help."

He also told the conference that distributed denial-of-service (DDoS) attacks--where a company's servers are bombarded with data in an attempt to drive it offline--are declining. This is partly because better filtering technologies have been developed that can strip out DDoS traffic before it reaches a corporate server. Another factor is the arrest of several people accused of extorting money from companies by launching a DDoS attack and demanding payment in exchange for stopping the attack.

"This is a dangerous kind of criminal activity, because the attack takes place before the money is transferred," Kaspersky said, explaining that victims of DDoS attacks have the opportunity to get the police involved before paying a ransom. One audience member pointed out that someone who falls victim to a ransomware Trojan could also get the police involved. However, Kaspersky said the police might not be very interested, as the ransom might be only $20 or $30.

Several U.K. online betting companies, including Betfair, were targeted with DDoS attacks in the summer of 2004. Later that year, nine Russian citizens were arrested over their alleged involvement in the crimes, and three were later sentenced to eight years imprisonment. However, the two suspected ringleaders are still at large.

Kaspersky said he is concerned that law enforcement is struggling to catch Internet criminals. "In 2004, there were around 100 arrests of suspected cybercriminals. In 2005, there were around 400. But last year, there were just 100. It seems that the stupid guys are being jailed, but the clever ones are still operating," he said.

Graeme Wearden reported for ZDNet UK in London.