The economy behind ransomware attacks
Posted on 28.09.2012
First spotted in Russia in 2005, ransomware attacks have since spread to other countries - mainly those of the Western world - by using geo-location to target users with fake notices seemingly coming from their local police.

"Multiple gangs produce their own variants; the social engineering is very good at getting users to pay up, and new versions are appearing all the time. Affiliate programs are also used to monetize this threat," Trend Micro researchers explained, pointing out that the ransomware threat is similar to the rogue AV one.

Until now, most ransomware attacks could be traced back to two groups that seemingly divided targets among themselves according to country. They use separate affiliate programs, different payment schemes, and different ransomware variants.

"One of these groups uses server-side scripts to serve the appropriate images and scripts, depending on the userís country," the researchers shared. "A second group uses a different technique. Here, the images and scripts are embedded in base64-encoded PHP code. The images and scripts are never downloaded separately, as they might be in the first case."

Still, both prefer getting paid via untraceable Ukash and paysafecard vouchers, which they promptly sell to exchange sites for half the price, and the circle ends when the exchanges sell those vouchers on for up to nine tenths of the original price.

But, as the researchers point out, new cybercriminal groups arrive on the scene all the time, and previously well-established schemes will likely change little by little, or be abandoned for new business models - it just remains to be seen which.


10 practical security tips for DevOps

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Mar 31st