
'Ransomware' Becoming a Serious Problem

By Ed Oswald, BetaNews

July 24, 2006, 8:07 PM

Occurrences of ransomware are on the rise, and the encryption algorithms used are becoming increasingly complex, security firm Kaspersky Labs warned Friday in its quarterly report on the state of the malware industry. The firm said incidences of ransomware reached a peak in the second quarter of 2006, after first appearing in the beginning of 2004.

Initially, those responsible used simple encryption to hold files for ransom. In more recent incarnations, RSA encryption has appeared, and hackers are using more complex ways of password-protecting and hiding corrupted files. Kaspersky says attackers and anti-malware companies are now locked in a cat-and-mouse battle, where researchers crack the code and attackers respond with more complex methods.

The most recent variant of the Gpcode ransom virus featured a 660-bit key, which researchers said could take as much as 30 years to break using a 2.2 GHz computer. However, based on past research Kaspersky was able to break the code and add protection to its anti-virus files.

"I won't go into details here; suffice it to say this particular decryption will go down as a milestone in computer virology," Senior Virus Analyst Alexander Gostev wrote. While the Russian site that was launching these attacks has since shut down, Gostev warned that new variants could appear at any time.

While Kaspersky was able to crack these codes, researchers say the encryption methods are reaching the limits of modern cryptography. Future incarnations could be unbreakable, forcing those infected to pay the ransoms necessary in order to unlock their files. Gostev urged antivirus companies to act proactively to protect their users.

Those who created Cryzip and Krotten, the most common ransomware techniques, still have not been apprehended. However, even if they are caught, their work could live on through other attackers who will build on the work they have created.

"RansomWare will undoubtedly remain a major headache for the antivirus industry, at least in the near future," Gostev said.


By deminicus

posted Jul 25, 2006 - 8:31 AM

lol sooner or later someone will create a spinoff distributed computing screensaver that will help people find the key to their locked files. It would probably follow a FIFO queue unless you donate via PayPal or something.

Score: 0

By wincement

posted Jul 25, 2006 - 6:15 PM

...that's not a terrible idea, actually.

Score: 0

By Mark Gillespie

posted Jul 25, 2006 - 3:29 AM

This really is an avoidable trap and anyone falling into this only has themselves to blame.

1/ Backup your important data regularly.
2/ Don't accept files from untrusted sources.
3/ Have a decent, up-to-date AV installed.

Score: 0

By xyzcb1

posted Jul 25, 2006 - 9:58 AM

"Dont accept files from untrusted sources."

If everyone out there can distinguish the difference from their "trusted" and "untrusted" source, there will not be so much "vulnerable" in many of the software out there.

Score: 0

By Joe Dirt

posted Jul 25, 2006 - 9:23 AM

Exactly.

If this ever happened to me I would just Ghost my machine with the image of my latest backup. I ghost my machine like 2-3 times a week. It's automated. :)

Score: 0

By Secret Agent Man

posted Jul 25, 2006 - 10:04 AM

Unfortunately, not everyone has the technology and/or finances to implement such backups. I'm getting a DVD-RW drive soon, and plan on backing up my "important" data (web site development files mostly), but I tend to only browse the same set of web sites. In addition, I use Firefox with Adblock+, FilterSet, and NoScript. Plus, I only accept cookies manually. Now, not everyone is going to browse this way (pointing to the millions of people who don't use the Internet all that much). The problem is with people who don't know much about the Internet and computers; those who can't distinguish between trusted and untrusted sources. All it takes is one file.

Score: 0

By kholdstare

posted Jul 25, 2006 - 11:33 AM

lo, if they can afford a computer they can afford the technology. or better yet if they can afford an internet connection they can afford to do this too

Score: 0

By PC_Tool

edited Jul 25, 2006 - 10:35 AM

One 160GB IDE Hard Drive: $60
(http://www.mwave.com/mwa...c.hmx?scriteria=AA23950)

One External IDE -> USB HDD Enclosure: $20
(http://www.mwave.com/mwa...c.hmx?scriteria=BA30026)

One copy of Norton Ghost V.10: $70
(http://www.mwave.com/mwa...c.hmx?scriteria=3718490)

Never having to re-install Windows or worry about losing your data? Priceless.

Heh...

Of course, I'll stick to my Dell 2500 PowerEdge File Server, but not everyone gets one of those for free. ;)

Score: 0

By Joe Dirt

posted Jul 25, 2006 - 11:29 AM

My thoughts exactly.

Score: 0

By crashoverride

posted Jul 25, 2006 - 1:28 AM

"Those who created Cryzip and Krotten, the most common ransomware techniques, still have not been apprehended."

Still not caught eh. Well if they ever do catch my suggestion is shoot them in the head. Get these shmucks on out of the way.

Score: 0

By Silentmaster101

posted Jul 25, 2006 - 4:15 PM

you mean castrated? i think that would make a nice example. hell lets go the whole nine yards and make them addicted to heroine and dump them in cuba too.

Score: 0

By morriscox

posted Jul 27, 2006 - 3:15 PM

I think most guys are addicted to heroines anyways. :D

Score: 0

By mjm01010101

posted Jul 24, 2006 - 9:37 PM

WGA is a form of ransomware.

Pay the price, or migrate off windows.

Score: 0

By Mark Gillespie

posted Jul 25, 2006 - 3:27 AM

Crybaby pirate.. Go pay for Windows like the rest of us, and WGA will go away,..

Score: 0

By sjc001

posted Jul 25, 2006 - 6:06 AM

WGA only affects those with legit copies of Windows. Pirates easily bypass it, just like activation.

It has caused a lot of false positives for many legit users. It's Microsoft saying that we can't be trusted and MUST be watched all of the time because at any moment we MAY ditch our legit copy and go for an illegal one. Do you like being called a thief even when you aren't one?

Score: 0

By Metshrine

posted Jul 25, 2006 - 7:51 AM

Wow, you are wrong. Microsoft isn't worried we might ditch our copy and go to an illegal one. They are worried about the people who get their PC from some ma and pop shop (or some just out of high schooler's PC shop) and they have put an illegal copy on there.

Plus, I've only noticed pirates whining about this because now they have to do extra work on their copy to get it to work.

Score: 0

By ZenWarrior

posted Jul 25, 2006 - 8:56 AM

Once again, I'm "whining" and every single piece of software on my computers is paid for. Also, every piece of share- or donationware has been acknowledged with a cash payment to its author(s). Be perfectly honest and admit that is not at all the case on your computers, especially regarding share- or donationware.

Now, who's casting stones? Get a clue. It's about individuals' rights to both their property and their privacy. ('Tis a good thing some people did not draft the U.S. Constitution. Time has shown just how wise our founding fathers were. Too bad others cannot see that.)

Score: 0

By Bogunch

posted Jul 25, 2006 - 9:13 AM

Read the License! The software is NOT your property!!!

Score: 0

By sjc001

posted Jul 25, 2006 - 10:02 AM

Just as a house isn't yours either when you pay either rent or have a mortgage. Does the landlord, or banker, have a right to enter your home whenever they feel like it?

Score: 0

By Silentmaster101

posted Jul 25, 2006 - 4:16 PM

well if you rent then yes they can come in at anytime.

Score: 0

By Grazer

posted Jul 25, 2006 - 6:22 PM

See my comment below. In Las Vegas, it requires 24 hour notice unless maintenance is required inside the apartment. I used to work for an apartment complex.

Score: 0

By Grazer

posted Jul 25, 2006 - 3:03 PM

Not whenever they feel like it, but they do have the right. How much notice they must give varies based on local laws.

Score: 0

By PC_Tool

posted Jul 25, 2006 - 10:20 AM

Comparing software to a home.

Good one.

Ask your teacher to explain the difference to you when you get back to school, mmmkay?

Score: 0

By sjc001

posted Jul 25, 2006 - 1:04 PM

Both are forms of property used through a contract....

Score: 0

By PC_Tool

posted Jul 25, 2006 - 2:02 PM

Yeah.

Just ignore the fact that one contract allows for one set of conditions and the other for an entirely different set.

Are you really that dense, or just stubborn?

Score: 0

By bassrck4

posted Jul 25, 2006 - 11:29 AM

mmmkay!

Score: 0

By Banquo

posted Jul 24, 2006 - 11:41 PM

So you are saying you shouldn't have to pay for Windows? That is really stupid. Oh boo hoo, my pirated copy of Windows won't let me update it if I don't pay for it, boo hoo.

Score: 0

By wincement

posted Jul 24, 2006 - 10:00 PM

Go spout your anti-MS BS on a Mac forum. It's bound to be more welcome there.

Score: 0

By Silentmaster101

posted Jul 25, 2006 - 4:18 PM

nah macs are just first generation, fancified pc's

Score: 0

By dhjdhj

posted Jul 26, 2006 - 9:17 AM

Try using a recent Mac! The UI is living on top of BSD Unix - that's not "first generation PC"

Score: 0

By The MAZZTer

posted Jul 24, 2006 - 8:33 PM

...and there's no guarantee you'll even get your files after you pay the ransom.

The best way to protect yourselves from virii is to not get infected in the first place. Surf safe everyone. :)

Score: 0

By Banquo

posted Jul 24, 2006 - 11:42 PM

Seems like it would be really easy to catch these idiots if they actually want you to send money to them.

Score: 0

By Maestr0

posted Jul 24, 2006 - 8:32 PM

That is interesting. One of the PC magazines I read (can't remember which) had an article about ransomware. They said in their experience, the actual password was hidden in the malware and was very easy to crack.
Either someone is wrong, or someone is trying to drum up Anti-Virus business.

Score: 0

By The MAZZTer

posted Jul 24, 2006 - 8:34 PM

That was only the first incarnation. It used a single hard-coded password for all encryptions which made it easy to recover by researchers.

Score: 0

By burfadel

posted Jul 24, 2006 - 10:41 PM

People write viruses for the most common operating systems. If everyone went to Linux, BeOS, Mac etc etc they will be the ones targeted instead. Be realistic!

Score: 0