The economy behind ransomware attacks
Posted on 28.09.2012
First spotted in Russia in 2005, ransomware attacks have since spread to other countries - mainly those of the Western world - by using geo-location to target users with fake notices seemingly coming from their local police.

"Multiple gangs produce their own variants; the social engineering is very good at getting users to pay up, and new versions are appearing all the time. Affiliate programs are also used to monetize this threat," Trend Micro researchers explained, pointing out that the ransomware threat is similar to the rogue AV one.

Until now, most ransomware attacks could be traced back to two groups that seemingly divided targets among themselves according to country. They use separate affiliate programs, different payment schemes, and different ransomware variants.

"One of these groups uses server-side scripts to serve the appropriate images and scripts, depending on the userís country," the researchers shared. "A second group uses a different technique. Here, the images and scripts are embedded in base64-encoded PHP code. The images and scripts are never downloaded separately, as they might be in the first case."

Still, both prefer getting paid via untraceable Ukash and paysafecard vouchers, which they promptly sell to exchange sites for half the price, and the circle ends when the exchanges sell those vouchers on for up to nine tenths of the original price.

But, as the researchers point out, new cybercriminal groups arrive on the scene all the time, and previously well-established schemes will likely change little by little, or be abandoned for new business models - it just remains to be seen which.


A data security guy's musings on the OPM data breach train wreck

There is still way too much apathy when it comes to data-centric security. Given the sensitive data the OPM was tasked with protecting, it should have had state-of-the-art data protection, but instead it has become the poster child for IT security neglect.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Jul 28th