The economy behind ransomware attacks
Posted on 28.09.2012
First spotted in Russia in 2005, ransomware attacks have since spread to other countries - mainly those of the Western world - by using geo-location to target users with fake notices seemingly coming from their local police.

"Multiple gangs produce their own variants; the social engineering is very good at getting users to pay up, and new versions are appearing all the time. Affiliate programs are also used to monetize this threat," Trend Micro researchers explained, pointing out that the ransomware threat is similar to the rogue AV one.

Until now, most ransomware attacks could be traced back to two groups that seemingly divided targets among themselves according to country. They use separate affiliate programs, different payment schemes, and different ransomware variants.

"One of these groups uses server-side scripts to serve the appropriate images and scripts, depending on the userís country," the researchers shared. "A second group uses a different technique. Here, the images and scripts are embedded in base64-encoded PHP code. The images and scripts are never downloaded separately, as they might be in the first case."

Still, both prefer getting paid via untraceable Ukash and paysafecard vouchers, which they promptly sell to exchange sites for half the price, and the circle ends when the exchanges sell those vouchers on for up to nine tenths of the original price.

But, as the researchers point out, new cybercriminal groups arrive on the scene all the time, and previously well-established schemes will likely change little by little, or be abandoned for new business models - it just remains to be seen which.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th