Security Bytes

Jan 14 2011   7:32PM GMT

Ransomware nets nearly $30K in just over a month

ITKE ITKE Profile: ITKE

SMS ransomware surfaces in Russia, charges $12 ransom

By Ryan Cloutier, Contributor

The black hat community is always on the lookout for a way to profit from its illicit activities. On the Web, Trojans and worms disguised as freeware present an easy way for even a moderately skilled hacker to capitalize on the naiveté and lack of experience of many internet users.

According to Nart Villeneuve at Trend Labs’ Malware Blog, recent techniques in the field of cybercrime often involve taking a user’s computer hostage. The malware does this by denying users access to their desktop and files until they dial an SMS number and enter a code.

In the latest ransomware campaign detected by Trend Labs, the SMS agency charges the user the equivalent of $12 before giving them the code to free their systems.

Villeneuve said an ongoing campaign has netted the responsible cybercriminal $29,435 over the last five weeks. He goes on to note mathematically this indicates that 2,500 people have paid the hacker’s ransom.

Cybercrime is a serious matter for cybercriminals who run these campaigns much like ordinary businesses and keep financial records for their own reference. In our research, we were able to access a panel that was used to keep track of the specific income generated by at least 60 phone numbers used in ransomware campaigns.

Villeneuve also notes users downloaded the specific file, identified by Trend Micro as WORM_RIXOBOT.A., more than 100,000 times in December. This means there is most likely a great deal of money going to that criminal.

Back in November, UK researchers detected a drive-by attack that encrypted media files and Microsoft Office documents and then demanded a $120 payment to have the files decrypted.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: