Once again ransomware is on the loose, but it's a little different this time around. In previous versions of this type of malware, after installation the victim was informed that the computer's files had been encrypted and that a decrypting tool had to be purchased from the cyber-criminal in order to recover the affected files.
Now there is yet another form of ransomware to deal with. Cyber criminals are combining rogueware with ransomware, enabling them to hijack users' information and block use of the computer altogether.
Courtesy of PandaLabs:
PandaLabs, Panda Security's malware analysis and detection laboratory, has identified a new, more aggressive trend cyber criminals are using to sell fake anti-virus programs, otherwise known as rogueware. Cyber criminals are now combining rogueware with ransomware, hijacking users' computers and rendering them useless until victims purchase fake anti-virus programs.
The fake program that PandaLabs has discovered, called Total Security 2009, is being offered to victims for approximately $79.95. Victims can also purchase ‘premium’ tech support services for an additional $19.95.
Users who pay the ransom receive a serial number that releases all files and executables, allowing them to work normally and recover their information. The fake anti-virus, however, remains on their systems.
PandaLabs has published a list of serial numbers that victims can use to unblock their computers, as well as a video demonstrating how this scam operates. To obtain a serial number, click here.
Previously, when computers were infected by this type of malware, users would typically see a series of warnings prompting them to buy a paid version of the program. The new method of selling rogueware blocks users’ attempts to run programs or open documents, displaying a message falsely informing them that all files on their computers are infected and the only solution is to buy fake anti-virus.
“Users are often infected unknowingly – in most cases through visiting hacked Web sites. Once a computer is infected, it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge,” said Luis Corrons, technical director of PandaLabs.
“Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked. The only application that can be used is the Internet browser, conveniently allowing the victim to pay for the fake anti-virus. For this reason, on the PandaLabs blog, we have published the serial numbers required to unblock the computer if it has been hijacked. Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake anti-virus.”
“The way this rogueware operates presents a dual risk: First, users are tricked into paying money simply in order to use their computers; and second, these same users may believe that they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected,” adds Corrons.
“This shift toward hijacking computers indicates either that users are becoming more adept at recognizing these threats or that security companies are beginning to close the gap on this highly sophisticated level of cybercriminal behavior. This would explain why hackers are becoming more aggressive in the methods used to force the victims into purchasing fake anti-virus programs.”
Once the computer has been unblocked and the ransomware component is out of the way, you can download a free trial of Panda Global Protection 2010 to completely remove the infection.
PandaLabs recently published a report about the lucrative business of rogueware. The report is available here.