Cybercriminals are using a new piece of malware to extort money from their victims by encrypting their files and threatening to alert authorities about child pornography being stored on their computers, according to security researchers from antivirus firm Sophos.
The malicious application, detected by Sophos products as Troj/Ransom-HC, falls into a category of malware called ransomware. As the name suggests, ransomware applications hold computers, or the files stored on them, to ransom.
Troj/Ransom-HC encrypts the files stored on infected computers, allegedly using the strong 256-bit AES cipher, and asks their owners to pay 3,000 euros — around US$3,800 — in order to receive a decryption key.
“Users whose computers are hit by the malware are told to respond with a unique ID number to a Gmail or Live webmail address for the password that will unlock their data,” Sophos senior technology consultant Graham Cluley said Wednesday in a blog post.
However, the cybercriminals behind this particular strain of ransomware take their extortion attempt even further and threaten victims that they will file a police report and provide authorities with a special password that can decrypt files containing spam software and child pornography.
“There may be nothing in the hackers’ threat of contacting the police and making accusations of child abuse material on your computer, but you can just imagine how petrified many people might be by seeing such a message,” Cluley said.
There have been cases in the past of people successfully proving that child pornography images found on their computers were the result of malware infections. However, the mere accusation of possessing such material can damage one’s reputation and social life, often irreparably.
“Of course, we don’t recommend paying money to ransomware extortionists,”Cluley said. “There’s nothing to say that they won’t simply raise their ransom demands even higher once they discover you are prepared to pay up,”
The best solution for users to protect themselves from ransomware threats is to regularly back up their data, install all security patches for their software and keep their antivirus up to date, Cluley said.