Ransomware scammers push panic button with bogus claims
No sign that newest cyber extortion racket wipes Windows PCs' hard drives, says Symantec
Computerworld - Cyber extortionists shilling "ransomware" have upped the ante by pushing users' panic buttons with claims that their malware will wipe hard drives, a security firm said Monday.
The claim is bogus, said Symantec, and is simply a ploy by scammers preying on people's fears.
"This is an attempt to extort money from computer users by taking advantage of human weakness when under panic and pressure," wrote Symantec researcher Jeet Morparia in a Dec. 24 blog post.
Ransomware is a long-standing label for malware that, once on a personal computer, cripples the machine or encrypts its files, then displays a ransom note that demands payment to restore control to the owner. The technique, flatly called "an extortion racket" by Symantec last month, has been in use for at least six years. Until relatively recently, it was rare and ineffective and seen mostly in Eastern Europe.
The new ransomware variant, which Symantec identified as "Trojan.Ransomlock.G" but is called "Reveton" by other antivirus vendors, claims that any move to circumvent the lockdown will trigger disaster.
"An attempt to unlock the computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted," the on-screen message reads.
Not true, said Morparia, who added that Symantec's analysis found no disk wiping capability in the malware's code. More importantly, Symantec was able to remove Ransomlock.G and unlock the machine without any formatting taking place or files deleted.
The new version also featured other changes, Morparia said, including a $100 price hike, from $200 to $300, to "unlock" the PC, and a fake deadline of 48 hours shown by an on-screen countdown timer.
Symantec credited a blogger nicknamed "Kafeine" for reporting the purported wiping skills of the ransomware. In turn, Kafeine tipped a hat to another security company, Trend Micro, for finding the variant on Dec. 10.
Ransomlock poses as a message from law enforcement, and adapts to its victims' locales: For example, U.S. users see a message supposedly from the Department of Justice's FBI, while German users see one allegedly from the Bundesamt für Polizei, Germany's federal police.
The messages claim that the user has violated one or more laws. Those posing as from the FBI, for instance, listed child pornography, copyright and software licensing laws, and alleged that the victim has been monitored -- including via the computer's built-in webcam -- viewing child pornography.
In November, Symantec released a report describing the rapid expansion of ransomware into Western markets from its Eastern European origins, and the millions criminals have reaped from their scams.
Morparia urged victims not to give in to the extortionists -- "DO NOT PAY THE RANSOM," he wrote, figuratively shouting with uppercase characters -- and instead told them to remove the malware. Symantec provides a free tool, Norton Power Eraser, that seeks out and destroys ransomware and other forms of "scareware," like fake antivirus software.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts