Your Data Held for Ransom
Danger level: Medium | Likelihood: Low | Target: Windows users
It sounds like a plot concocted by Austin Powers' nemesis, Dr. Evil: Get onto your victims' computers, kidnap their files, and hold the data hostage until they pay up. But such attacks, though rare, have occurred all over the world.
Cryzip, one early example of ransomware, searches for 44 different file types (such as Microsoft Word or Excel files) on a hard drive, and compresses them into a password-protected zip file. It then tells the victim to deposit $300 in one of 99 randomly selected e-gold accounts. Once paid off, the criminals provide the victim with the necessary password.
In May, another ransomware application, named Arhiveus, came to light. Rather than directing payment to a potentially traceable e-gold account, it instructed victims to buy prescription drugs from a specific online pharmacy and then send the order ID to the malware author as proof of payment.
"It looks like a Russian-based pharmacy that they're hosting in China," says Lurhq's Joe Stewart. "Appended to [the URL] is what looks like an affiliate ID--they probably get a cut." In his examination of both Cryzip and Arhiveus, Stewart found the necessary passwords to "free" the data embedded within the malware code itself, unencrypted.
Savvy users sometimes get lucky, too. Richmond Mathewson, a software developer from Plovdiv, Bulgaria, managed to rescue most of a friend's data after she found the entire contents of her 'My Documents' folder had vanished, taking with it all her work files, which she hadn't backed up. When he looked at the computer, Mathewson found the simple but chilling Arhiveus ransom note. He saved the day with his networked Mac Mini, a free undelete tool, and about 4 hours' labor. But he says the recovery wasn't complete: "To date, 5 percent of the files are still unrecovered."
Currently, ransomware isn't very sophisticated, and its scope is limited. Besides including the password with the program, Arhiveus dumps all the victim's files into one long file called "EncryptedFiles.als"--but doesn't actually encrypt it.
"The threat is very small to the average user at the moment," says Stewart. "I'd estimate [the number of ransomware infections] to be in the low thousands worldwide.... It doesn't serve these guys' interests to become widespread. If they keep it low-key, and target people who are powerless to do something about it, they're more likely to get paid."
But "this seems to be just the initial phase of the threat," Stewart adds. Like every type of attack, ransomware will evolve as criminals hone their approach. "With Arhiveus testing the waters of mixing ransomware with affiliate product purchases in shady online stores, it could be the start of something bigger."
How It Works: Extortion, Malware-Style
- An unsuspecting user accidentally visits a rigged Web site, and the ransomware Trojan horse slithers into the PC.
- The ransomware zips up the entire contents of the My Documents folder into a password-protected file.
- The user gets a ransom note demanding money, or a purchase at a particular online store, in return for the password.
- If you're a victim, go to the police. Don't pay the ransom, and don't visit any links in the ransom note.
- Write down the details from any ransom notes or messages, and turn off the infected PC. From an uninfected PC, run a Web search using details from the ransom note. You may be able to find the password online.
- Try using an undelete program (our Downloads section offers several free options) to recover your files. However, some files may not be recoverable at all.