“Ransomware” has quickly become cybercriminals' favorite weapon
Paul Laubacher

PARIS - The hunt lasted for more than a year. In February, the Spanish police announced that they had arrested 11 people suspected of belonging to one of the most sophisticated cybercrime networks in the world.

The hackers were from Russia, Ukraine and Georgia. They had created a super-virus called Reveton, specifically designed for cyber-kidnapping. This malware is capable of accessing any computer and blocking all access to the machine and its data. When the user tries to use his computer, a message pops up demanding a ransom – of 100 to 200 euros – to unlock it.

These kinds of viruses are called “ransomware” and have fast become a cybercriminal’s favorite weapon.

The perfect con

According to Symantec’s annual Norton Cybercrime Report, every second 18 adult Internet users are a victim of cybercrime – one and a half million victims every day around the world. And the phenomenon is growing.

The McAfee antivirus company recorded 120,000 new ransomware viruses in the second quarter of 2012, a fourfold increase from the previous year. This is because ransomware is much more efficient than phishing, which consists in obtaining the user’s banking information in order to empty his account.

Symantec researchers recently estimated that ransomware scams net $5 million a year. But this is only the tip of the iceberg: “Only 2.9% of all people affected by ransomware end up paying the ransom, but this number is increasing,” says Candid Wueest from Symantec. “As the amounts are relatively low, victims rarely press charges.” The hackers, who are rarely caught, can make up to $33,000 a day, according to Symantec.

Pierre Siaut, a French security expert at TrendMicro who participated in the hunt for the Reveton hackers, says, “This case was particularly interesting. The Reveton malware displayed a message identical to the ones sent by the police: logo, legal references, fines.”

The Reveton virus is part of a recent spate of “police themed” ransomware, which uses law enforcement imagery to send official-looking warning messages. The messages claim the user’s computer is locked because its user visited websites linked to terrorism, child porn, etc., and say users must pay a fine for the computer to be unlocked.

With this elaborate scam, the victim is much more liable to pay up. Reveton is so elaborate that it is even able to identify the user’s language and country through the computer’s IP address. This information enables the virus to issue a tailored message with specific references to the country’s legislation.

According to the police, the gang behind Reveton has netted millions of euros in more than 30 – mostly European – countries. Europol, the European police agency, believes that there have been at least 20,000 victims of this virus.

Hunting down the hackers

In a normal cyber-kidnapping situation, the ransom is often asked in virtual money. The user must then convert his money into virtual currency via services like Ukash or MoneyPak, and then enter a code in his blocked computer. The computer will not do anything, but the money will be automatically transferred to the pirate, who will then launder it through a casino or poker website. He will play for a few minutes and then cash out from the game and collect his euros.

“In the Reveton case, the message asked to pay with prepaid cards,” says Pierre Siaut. “The victim was asked to buy a prepaid card at a service station and enter a code to transfer the money.” This is why it was so difficult to hunt down the cybercriminals, says Siaut: “The prepaid cards are almost impossible to trace on the Internet.”

Pierre Siaut says that instead of following the money trail, he had to follow the hackers’ trail. “We discovered that they had hacked into the databases of news websites. They retrieved the registered users’ personal data, and then sent them spam luring them into fake websites.” The Reveton Trojan, which was hidden in the code of the fake website, used flaws in web browsers to install the ransomware on the victim’s computer.

The pirates had also managed to target users that were liable to engage in illegal activity on the Internet, such as visiting child porn sites.

“These arrests are the results of months of research, investigation and analyses to help the police. We had a special team on the case,” says Pierre Siaut. The terrible thing, he says, is Reveton is still active: “We couldn’t take it down completely.” Europol has, for now, detected no less than 48 active Reveton mutations.
