“Ransomware” has quickly become cybercriminals' favorite weapon
Paul Laubacher

PARIS - The hunt lasted for more than a year. In February, the Spanish police announced that they had arrested 11 people suspected of belonging to one of the most sophisticated cybercrime networks in the world.

The hackers were from Russia, Ukraine and Georgia. They had created a super-virus called Reveton, specifically designed for cyber-kidnapping. This malware is capable of accessing any computer and blocking all access to the machine and its data. When the user tries to use his computer, a message pops up demanding a ransom – of 100 to 200 euros – to unlock it.

These kinds of viruses are called “ransomware” and have fast become a cybercriminal’s favorite weapon.

The perfect con

According to Symantec’s annual Norton Cybercrime Report, every second 18 adult Internet users fall victim to cybercrime – one and a half million victims every day around the world. And the phenomenon is growing.

The McAfee antivirus company recorded 120,000 new ransomware viruses in the second quarter of 2012, a fourfold increase from the previous year. This is because ransomware is much more efficient than phishing, which consists in obtaining the user’s banking information in order to empty his account.

Symantec researchers recently estimated that ransomware scams net $5 million a year. But this is only the tip of the iceberg: “Only 2.9% of all people affected by ransomware end up paying the ransom, but this number is increasing,” says Candid Wueest from Symantec. “As the amounts are relatively low, victims rarely press charges.” The hackers, who are rarely caught, can make up to $33,000 a day, according to Symantec.

Pierre Siaut, a French security expert at TrendMicro who participated in the hunt for the Reveton hackers, says, “This case was particularly interesting. The Reveton malware displayed a message identical to the ones sent by the police: logo, legal references, fines.”

The Reveton virus is part of a recent spate of “police themed” ransomware, which uses law enforcement imagery to send official-looking warning messages. The messages claim the computer is locked because its user visited websites linked to terrorism, child porn, etc., and say users must pay a fine for the computer to be unlocked.

With this elaborate scam, the victim is much more liable to pay up. Reveton is so elaborate that it is even able to identify the user’s language and country through the computer’s IP address. This information enables the virus to issue a tailored message with specific references to the country’s legislation.

According to the police, the gang behind Reveton has netted millions of euros in more than 30 – mostly European – countries. Europol, the European police agency, believes that there have been at least 20,000 victims of this virus.

Hunting down the hackers

In a normal cyber-kidnapping situation, the ransom is often asked in virtual money. The user must then convert his money into virtual currency via services like Ukash or MoneyPak, and then enter a code in his blocked computer. The computer will not do anything, but the money will be automatically transferred to the pirate, who will then launder it through a casino or poker website. He will play for a few minutes and then cash out from the game and collect his euros.

“In the Reveton case, the message asked to pay with prepaid cards,” says Pierre Siaut. “The victim was asked to buy a prepaid card at a service station and enter a code to transfer the money.” This is why it was so difficult to hunt down the cybercriminals, says Siaut: “The prepaid cards are almost impossible to trace on the Internet.”

Pierre Siaut says that instead of following the money trail, he had to follow the hackers’ trail. “We discovered that they had hacked into the databases of news websites. They retrieved the registered users’ personal data, and then sent them spam luring them into fake websites.” The Reveton Trojan, which was hidden in the code of the fake website, used flaws in web browsers to install the ransomware on the victim’s computer.

The pirates had also managed to target users that were liable to engage in illegal activity on the Internet, such as visiting child porn sites.

“These arrests are the results of months of research, investigation and analyses to help the police. We had a special team on the case,” says Pierre Siaut. The terrible thing, he says, is that Reveton is still active: “We couldn’t take it down completely.” Europol has, for now, detected no fewer than 48 active Reveton mutations.
