Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Ransomware Holds Your Files Hostage

Imagine that one morning you go to your computer to start work only to find that all of your important files have been locked and you cannot access them. You then receive a message via email or a Windows PopUp that instructs you to send money or buy specified products in return for a password to unlock your files. In some cases, the message warns that files will be periodically deleted until such time as the hijacker's demands are met. In other words, your files are being held hostage and will only be released "alive" if you pay the ransom.

This scenario may sound a little far-fetched, but several such attacks were reported during 2006. Computer users may become victim to one of these attacks after they inadvertently install a trojan horse program from a seemingly innocent website or by opening an email attachment. Once executed, the malicious program, dubbed "ransomware", may trap files inside a folder that can only be accessed by entering a password held by the scammer.

Once such trojan, called Archiveus, locked the "My Documents" folder on the infected computer behind a 30 digit password. Victims were instructed to buy drugs from an online pharmaceutical website to retrieve the password. Computer security experts soon uncovered the password from within the malicious code and published it online so that victims could unlock files without complying with the scammer's requests. Another ransomware trojan, called CryZip imprisoned files in a password protected zip file and demanded payment of $300 for their release. The victim was presented with step-by-step instructions detailing how to start an eGold account on line and deposit the ransom. Yet another version, known as Ransom.A, warned victims that a file on the infected computer would be deleted every thirty minutes unless $10.99 was wired to the scammers in exchange for an unlock code. In fact, Ransom.A was not programmed to delete any files at all. It was purely a bluff intended to panic victims into sending the money quickly.

So far, ransomware has been relatively unsophisticated and fairly easy to thwart. However, computer experts warn that future attacks could use much more secure encryption techniques to lock up victim's files. And the frequency of such attacks is likely to rise. According to a report by Kaspersky Lab, "holding user data hostage is one of the most dangerous and rapidly evolving types of cyber crime".

These ransomware attacks are yet another reason to keep regular backups of all important files. Up-to-date backups are likely to emasculate even technically sophisticated ransomware attacks. If backups are available, a potential ransomware victim has no need to panic or comply with the scammer's demands. He or she can take the necessary steps to cleanse the infected computer of the ransomware and then restore any lost files from backup copies.

And, of course, users can protect themselves from being infected in the first place by ensuring that their operating system and other software has the latest security updates and using up-to-date antivirus software, spyware scanners, and an Internet firewall.

Police will not pursue ransom hackers
Cryzip Trojan Encrypts Files, Demands Ransom
Ransomware Rising
Malware Evolution: January - March 2006

Last updated: 2nd February 2007
First published: 2nd February 2007

Write-up by Brett M.Christensen