The economy behind ransomware attacks
Posted on 28.09.2012
First spotted in Russia in 2005, ransomware attacks have since spread to other countries - mainly those of the Western world - by using geo-location to target users with fake notices seemingly coming from their local police.

"Multiple gangs produce their own variants; the social engineering is very good at getting users to pay up, and new versions are appearing all the time. Affiliate programs are also used to monetize this threat," Trend Micro researchers explained, pointing out that the ransomware threat is similar to the rogue AV one.

Until now, most ransomware attacks could be traced back to two groups that seemingly divided targets among themselves according to country. They use separate affiliate programs, different payment schemes, and different ransomware variants.

"One of these groups uses server-side scripts to serve the appropriate images and scripts, depending on the userís country," the researchers shared. "A second group uses a different technique. Here, the images and scripts are embedded in base64-encoded PHP code. The images and scripts are never downloaded separately, as they might be in the first case."

Still, both prefer getting paid via untraceable Ukash and paysafecard vouchers, which they promptly sell to exchange sites for half the price, and the circle ends when the exchanges sell those vouchers on for up to nine tenths of the original price.

But, as the researchers point out, new cybercriminal groups arrive on the scene all the time, and previously well-established schemes will likely change little by little, or be abandoned for new business models - it just remains to be seen which.






Spotlight

Most popular Android apps open users to MITM attacks

Posted on 21 August 2014.  |  An analysis of the 1,000 most popular free Android apps from the Google Play store has revealed a depressing fact: most of them sport an SSL/TLS vulnerability that can be misused for executing MITM attacks, and occasionally additional ones, as well.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //