Extortion, blackmail and ransom requests have always been cornerstones of criminal activity. In today’s global internet economy, criminals are adapting their techniques by attempting to extort money from people using “Ransomware.”
Ransomware is a type of malicious software used by cybercriminals that’s designed to extort money from their victims, either by encrypting data on the disk or by blocking access to the system. Ransomware is commonly installed by triggering a vulnerability in the victim’s computer, which is generally exploited by users inadvertently opening a phishing email or accessing a malicious website that was created by the attackers. In March, Kaspersky Lab’s experts found Ransomware attachments being sent out in phishing emails from attackers claiming to be from popular online booking services:
Once the program is installed, it will encrypt the disc of the victim’s computer or block access to the system while leaving a “ransom” message that demands a fee in order to decrypt the files or restore the system. This will appear the next time the user restarts their system. Essentially, the attackers are holding your computer hostage and are trying to extort money from you in exchange for letting you access your computer – however – it’s important to understand you won’t regain access to your system even if you pay the “ransom” money. It’s a scam.
Example of Ransomware notification that appears when the computer is rebooted
Ransomware is increasing in popularity worldwide, although the ransom messages and scams for extorting money will differ based on geography. In countries where piracy is common, such as Russia, Ransomware programs that block access to the system often claim to have identified unlicensed software on the victim’s computer and ask for a payment.
In Europe or North America, where software piracy is less common, this approach is not as successful. Instead, popup messages from fake law enforcement agencies will appear that claim to have found child pornography or other illegal content on the computer. This is accompanied by a demand to pay a fine.
Ransomware Posing as Department of Justice
Ransomware Notification Fraudulating as Federal German Police (BKA)
In order to avoid being infected with Ransomware, ensure you’re running a quality internet security solution on your computer that identifies vulnerabilities and uses a high level of exploit detection.
If you’re computer is already infected by Ransomware, Kaspersky Lab specialists’ designed a special utility: Kaspersky WindowsUnlocker. The utility can be launched when your computer is started from Kaspersky Rescue Disk 10. Follow the steps outlined in Kaspersky Lab’s support page to install Kaspersky Rescue Disk and Kaspersky WindowsUnlocker for the complete removal and remediation process.