Holding Data Hostage: The Perfect Internet Crime?

Thousands of people will have their personal files held hostage this year, by software that uses virtually unbreakable encryption.

Every so often someone invents a new way of making money on the Internet that earns wild profits, attracts countless imitators, and reshapes what it means to be online. Unfortunately, such a shift took place last year in the world of online crime, with the establishment of sophisticated malicious software known as ransomware as a popular and reliable business model for criminals.

After infecting a computer, perhaps via an e-mail attachment or a malicious website, ransomware automatically encrypts files, which may include precious photos, videos, and business documents, and issues an electronic ransom note. Getting those files back means paying a fee to the criminals who control the malwareand hoping they will keep their side of the bargain by decrypting them.

The money that can be made with ransomware has encouraged technical innovations. The latest ransomware requests payment via the hard-to-trace cryptocurrency Bitcoin and uses the anonymizing Tor network. Millions of home and business computers were infected by ransomware in 2014. Computer crime experts say the problem will only get worse, and some believe mobile devices will be the next target.

Ransomware has been around for more than a decade. Older examples tended to be ineffective or relatively easy to defeat. But a new, more potent wave of ransomware emerged in late 2013 beginning with a version dubbed Cryptolocker. That malware infected Windows computers and in about 30 minutes would encrypt nearly all the data stored on them, as well as any external or network drives, locking up photos, music, and videos. Then it would display a message with a 72-hour countdown timer telling the victim to pay a fee (usually around $300) to retrieve the data. Step-by-step instructions explained how to send the money by buying bitcoins or using a prepaid debit card.

Cryptolocker was professional in its design, and it used an essentially unbreakable encryption system developed by Microsoft. At its peak, around October 2013, Cryptolocker was infecting 150,000 computers a month. And over the course of nine months, it is thought to have generated about $3 million in ransom payments.

The criminals behind Cryptolocker were taken down in June last year, after collaboration among the FBI, U.K. and E.U. law enforcement agencies, security companies, and academic researchers. Investigators broke into the network used to control the malware and uncovered a stash of encryption keys that were then used to create a free service to rescue data belonging to victims of the scam.

Because of the breakout, if temporary, success of Cryptolocker, the problem of ransomware seems sure to get bigger.

Uttang Dawda, a malware researcher with security company Fireeye, who worked on the Cryptolocker rescue tool, says computer criminals have identified ransomware as a valuable new business model. If well designed, it provides easier profits than stealing credit card details or banking information and then selling that data on the black market. The crooks get anonymity, faster profit, and dont have to spend time and money finding middlemen, Dawda says.

The most successful ransomware circulating today copies Cryptolockers basic design but adds technical and interface-design improvements.

Read this article:
Holding Data Hostage: The Perfect Internet Crime?