Update: Moscow police investigate alleged ransomware gang

Russian police are reportedly investigating a criminal gang that installed malicious "ransomware" programs on thousands of PCs and then forced victims to send SMS messages in order to unlock their PCs.

The scam has been ongoing and may have made Russian criminals millions of dollars, according to reports by Russian news agencies. Russian police seized computer equipment and detained a Russian "crime family" in connection with the crime, the ITAR-TASS News Agency reported Tuesday.

Russian-language reports say that 10 people are expected to be charged and that tens of thousands of Russian-language victims were hit by the scam, which also affected users in Ukraine, Belarus and Moldova.

The criminals reportedly used news sites to spread their malicious software, known as WinLock, which disables certain Windows components, rendering the PC unusable, and then displays pornographic images.

To unlock the code, victims must send SMS messages that cost between 300 rubles ($9.72) and 1,000 rubles.

The scam may have hit as many as 1 million PCs in the Russian-speaking world, according to Sergey Golovanov, a malware analyst with Russian antivirus vendor Kaspersky Lab. "The bad guys are paying $3 per infection to anyone who agrees to spread this malware through blogs, banners, exploits, botnets, etc." he said in an e-mail interview.

The scam has worked so well, because in many former Soviet-bloc countries telecommunication companies make it very easy for criminals to anonymously register the kind of paid phone numbers used to pay the ransom, Golovanov said. And communication companies are happy to take their 50% cut of these SMS charges. "It's a big problem and in my opinion no one wants a solution in this case," he said.

Usually victims who pay the ransom do get their PCs unlocked, but there's no guarantee. Victims could very well have their hard drives deleted after they make the payment, Golovanov said. "It all depends on the bad guys."

Security experts have tracked this type of software for more than a year now, but in most of the world it rarely shows up, according to Dave Marcus, director of McAfee Labs security research communications.

The software is not considered to be a very sophisticated threat, he said. "It's just locking your screen with a password you don't know, which is not that sophisticated when you get down to do."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com


Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon