The 10 Biggest Security Risks You Don't Know About


Your Data Held for Ransom

Danger level: Medium | Likelihood: Low | Target: Windows users

It sounds like a plot concocted by Austin Powers' nemesis, Dr. Evil: Get onto your victims' computers, kidnap their files, and hold the data hostage until they pay up. But such attacks, though rare, have occurred all over the world.

Cryzip, one early example of ransomware, searches for 44 different file types (such as Microsoft Word or Excel files) on a hard drive and compresses them into a password-protected zip file. It then tells the victim to deposit $300 in one of 99 randomly selected e-gold accounts. Once paid, the criminals supply the victim with the necessary password.

Arhiveus's curt extortion message.

In May, another ransomware application, named Arhiveus, came to light. Rather than directing payment to a potentially traceable e-gold account, it instructed victims to buy prescription drugs from a specific online pharmacy and then send the order ID to the malware author as proof of payment.

"It looks like a Russian-based pharmacy that they're hosting in China," says Lurhq's Joe Stewart. "Appended to [the URL] is what looks like an affiliate ID--they probably get a cut." In his examination of both Cryzip and Arhiveus, Stewart found the necessary passwords to "free" the data embedded within the malware code itself, unencrypted.

Savvy users sometimes get lucky, too. Richmond Mathewson, a software developer from Plovdiv, Bulgaria, managed to rescue most of a friend's data after she found the entire contents of her 'My Documents' folder had vanished, taking with it all her work files, which she hadn't backed up. When he looked at the computer, Mathewson found the simple but chilling Arhiveus ransom note. He saved the day with his networked Mac Mini, a free undelete tool, and about 4 hours' labor. But he says the recovery wasn't complete: "To date, 5 percent of the files are still unrecovered."

Currently, ransomware isn't very sophisticated, and its scope is limited. Besides including the password with the program, Arhiveus dumps all the victim's files into one long file called "EncryptedFiles.als"--but doesn't actually encrypt it.
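The weakness just described, a "hostage" file that is merely concatenated rather than encrypted, is something a responder can check for directly. The following Python triage script is an added example, not code from the article or from either malware family: it measures the Shannon entropy of a blob (genuinely encrypted or compressed data sits near 8 bits per byte, a plain concatenation of documents sits far lower) and then carves out the embedded documents by their header signatures. The sample documents, the signature table and the stand-in for Arhiveus's "EncryptedFiles.als" are constructed assumptions for the demonstration.

```python
import math
from collections import Counter

# Constructed stand-in documents (not real victim data) for the demonstration.
SAMPLE_FILES = {
    "report.docx": b"PK\x03\x04" + b"word/document.xml " * 20,
    "notes.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 8,
    "photo.jpg": b"\xff\xd8\xff\xe0JFIF" + bytes(range(256)),
}

# Header signatures for the formats in the sample; extend the table for a real triage.
SIGNATURES = {b"PK\x03\x04": "zip/office", b"%PDF-": "pdf", b"\xff\xd8\xff": "jpeg"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling, reached only by uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: properly encrypted (or compressed) data sits close to 8 bits/byte."""
    return shannon_entropy(data) >= threshold

def carve(blob: bytes) -> list:
    """Return sorted (offset, kind) pairs for every known header found in the blob."""
    hits = []
    for magic, kind in SIGNATURES.items():
        start = 0
        while (pos := blob.find(magic, start)) != -1:
            hits.append((pos, kind))
            start = pos + 1
    return sorted(hits)

def build_dump() -> bytes:
    """Mimic the article's "EncryptedFiles.als": documents concatenated, never encrypted."""
    return b"".join(SAMPLE_FILES.values())

if __name__ == "__main__":
    dump = build_dump()
    print(f"entropy={shannon_entropy(dump):.2f} bits/byte, encrypted={looks_encrypted(dump)}")
    for offset, kind in carve(dump):
        print(f"  {kind} header at offset {offset}")
```

A low entropy reading tells the responder that an undelete or carving approach, like the one the article's recovery story relies on, is worth attempting before anyone considers the ransom note.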

"The threat is very small to the average user at the moment," says Stewart. "I'd estimate [the number of ransomware infections] to be in the low thousands worldwide.... It doesn't serve these guys' interests to become widespread. If they keep it low-key, and target people who are powerless to do something about it, they're more likely to get paid."

But "this seems to be just the initial phase of the threat," Stewart adds. Like every type of attack, ransomware will evolve as criminals hone their approach. "With Arhiveus testing the waters of mixing ransomware with affiliate product purchases in shady online stores, it could be the start of something bigger."

How It Works: Extortion, Malware-Style

Illustration: Steven Lyons

  1. An unsuspecting user accidentally visits a rigged Web site, and the ransomware Trojan horse slithers into the PC.
  2. The ransomware zips up the entire contents of the My Documents folder into a password-protected file.
  3. The user gets a ransom note demanding money, or a purchase at a particular online store, in return for the password.


  1. If you're a victim, go to the police. Don't pay the ransom, and don't visit any links in the ransom note.
  2. Write down the details from any ransom notes or messages, and turn off the infected PC. From an uninfected PC, run a Web search using details from the ransom note. You may be able to find the password online.
  3. Try using an undelete program (our Downloads section offers several free options) to recover your files. However, some files may not be recoverable at all.