The Fraud Examiner

Far From ‘Game Over’ for Ransomware

June 2014

By Zach Capers, CFE

Last month, the U.S. Department of Justice, in concert with authorities from the UK, Australia, Japan, Germany, France and the Ukraine, disrupted a massive botnet named Gameover Zeus that had been the primary distributor of the notorious CryptoLocker ransomware. For nearly a year, the CryptoLocker virus has swept across the Internet, infecting more than 234,000 computers and generating an estimated $27 million in its first two months alone. Meanwhile, the Gameover Zeus network had itself amassed more than $100 million in illicit proceeds. While the success of the international effort was welcome news to Internet users everywhere, authorities were quick to warn that the criminal network could regroup and return to full strength within mere weeks.

Ransomware, as its name implies, is a form of malicious software (malware) that locks a user’s operating system and restricts access to data files until a ransom is paid. To intimidate Internet users into compliance, ransomware often employs a convincing professional interface, commonly emblazoned with police insignia or an official government logo. Messages typically consist of threatening accusations that the user has been caught viewing illegal videos, downloading pirated media or otherwise accessing forbidden Internet content, with the only remedy being to pay a fine. Other forms are far more direct and make no effort to conceal their naked attempts at extortion.

While some ransomware simply prevents access to files, other forms — known as cryptoviral ransomware (e.g., CryptoLocker) — actually encrypt users’ files. This is of particular concern to businesses due to the potentially disastrous threat of encrypted network drives. These schemes typically promise that, after payment is received, the user will be provided with a key to release the system and decrypt files; however, even after money is transferred, the virus typically remains installed on the machine and a key is never provided.

Although some might believe they could never fall prey to such a ploy, these schemes are often well designed and incredibly successful at luring in even the most unlikely victims. For example, in November 2013, the Swansea Police Department in Massachusetts fell victim to the CryptoLocker virus and admitted to paying a ransom of $750 in an attempt to regain access to their files. Computer security experts strongly discourage ransomware victims from giving in to extortion demands and instead recommend having the virus removed if possible or, in the worst cases, simply accepting the loss of a computing device.
