February 7, 2007 8:34 AM PST

Antivirus expert: 'Ransomware' on the rise

SAN FRANCISCO--Online criminals are turning away from threatening companies with massive cyberattacks in favor of encrypting a victim's data and then demanding money to decrypt it, an antivirus expert has claimed.

Eugene Kaspersky, head of antivirus research at Russia's Kaspersky Labs, told the RSA Conference here Tuesday that the use of so-called "ransomware Trojans" is a key trend for 2007.

This malicious software infects a PC, encrypts some data and then displays an alert telling the victim to send money to get the decryption key needed to access their data again. Such malicious software isn't new. Early examples include Cryzip, discovered in March 2006, and GPCode, discovered in May 2005.

special coverage
Unlocking security at RSA 2007
All the latest from the security confab.

Cryzip and GPCode didn't cause massive damage, but Kaspersky believes cybercriminals will refine their use of ransomware Trojans this year. The final version of GPCode used a 660-bit encryption key, which should have taken a single powerful PC around 30 years to crack but was actually broken quickly by Kaspersky Labs, he said.

"We cracked it in 10 minutes," Kaspersky explained, "because this guy did not read the cryptographic book until the end. But if he does get to the end, antivirus vendors will not be able to decrypt and recover your data without help."

He also told the conference that distributed denial-of-service (DDoS) attacks--where a company's servers are bombarded with data in an attempt to drive it offline--are declining. This is partly because better filtering technologies have been developed that can strip out DDoS traffic before it reaches a corporate server. Another factor is the arrest of several people accused of extorting money from companies by launching a DDoS attack and demanding payment in exchange for stopping the attack.

"This is a dangerous kind of criminal activity, because the attack takes place before the money is transferred," Kaspersky said, explaining that victims of DDoS attacks have the opportunity to get the police involved before paying a ransom. One audience member pointed out that someone who falls victim to a ransomware Trojan could also get the police involved. However, Kaspersky said the police might not be very interested, as the ransom might be only $20 or $30.

Several U.K. online betting companies, including Betfair, were targeted with DDoS attacks in the summer of 2004. Later that year, nine Russian citizens were arrested over their alleged involvement in the crimes, and three were later sentenced to eight years imprisonment. However, the two suspected ringleaders are still at large.

Kaspersky said he is concerned that law enforcement is struggling to catch Internet criminals. "In 2004, there were around 100 arrests of suspected cybercriminals. In 2005, there were around 400. But last year, there were just 100. It seems that the stupid guys are being jailed, but the clever ones are still operating," he said.

Graeme Wearden reported for ZDNet UK in London.

See more CNET content tagged:
Kaspersky Lab, distributed denial of service, victim, police, RSA Security Inc.

2 comments

Join the conversation!
Add your comment
FUD
...and you should be afraid, at all times, never use your computer, never connect to the internet, just lie there on the floor in the fetal position...

I love it when a security company tells people about a new threat that we should be afraid of, followed by a pitch for their product.

Google Adsense!
Posted by thedreaming (573 comments )
Reply Link Flag
Lots of the files at the global web is available for downloading at <a class="jive-link-external" href="http://megauploadfiles.com/" target="_newWindow">http://megauploadfiles.com/</a>
Posted by Zak70smith (28 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.