Virus writers get into cyber-extortion

'Pay up or you'll never see your data again'

By John Leyden • Get more from this author

Posted in InfoSec, 21st April 2006 14:57 GMT

Incidence of cyber-blackmail attempts rose during the first three months of this year. Malicious hackers are moving away from 'stealth use' of infected computers - stealing personal data, using infected computers as part of zombie networks - to direct blackmailing of victims, according to a new report from Kaspersky Lab.

The study, Malware Evolution: January to March 2006, cites cases where virus writers have either encrypted data or corrupted system information before demanding a ransom for safe return of data victims. The quantities demanded vary beteen $50 and $2,500.

To date, Kaspersky says it has been able to restore encrypted data on behalf of customers. It reports, however, that hackers are adopting more sophisticated encryption schemes and notes that the best form of protection is for users to avoid downloading files from untrusted sources while running up to date anti-virus protection and making regular backups.

The report (available here) also details other recent developments in virus writing, including the emergence in March of a crossover virus, Cxover, that scans the operating system of a PC and uses Microsoft ActiveSync to search for mobile devices. Cxover attempts to delete user files from mobile devices before copying itself back to a PC. ®

Free Report - "High-level Best Practices in Software Configuration Management: How to deploy SCM software to the maximum advantage"