SMS ransomware surfaces in Russia, charges $12 ransom
By Ryan Cloutier, Contributor
The black hat community is always on the lookout for a way to profit from its illicit activities. On the Web, Trojans and worms disguised as freeware present an easy way for even a moderately skilled hacker to capitalize on the naiveté and lack of experience of many internet users.
According to Nart Villeneuve at Trend Labs’ Malware Blog, recent techniques in the field of cybercrime often involve taking a user’s computer hostage. The malware does this by denying users access to their desktop and files until they dial an SMS number and enter a code.
In the latest ransomware campaign detected by Trend Labs, the SMS agency charges the user the equivalent of $12 before giving them the code to free their systems.
Villeneuve said an ongoing campaign has netted the responsible cybercriminal $29,435 over the last five weeks. He goes on to note mathematically this indicates that 2,500 people have paid the hacker’s ransom.
Cybercrime is a serious matter for cybercriminals who run these campaigns much like ordinary businesses and keep financial records for their own reference. In our research, we were able to access a panel that was used to keep track of the specific income generated by at least 60 phone numbers used in ransomware campaigns.
Villeneuve also notes users downloaded the specific file, identified by Trend Micro as WORM_RIXOBOT.A., more than 100,000 times in December. This means there is most likely a great deal of money going to that criminal.
Back in November, UK researchers detected a drive-by attack that encrypted media files and Microsoft Office documents and then demanded a $120 payment to have the files decrypted.