The result of a joint initiative between the European Cybercrime Centre (EC3) and the Dutch National High Tech Crime Unit (NHTCU), the report aims to increase awareness of ransomware, and also identify opportunities for international law enforcement intervention and operational coordination.
Police ransomware is a type of online fraud used by criminals to extort money through the deployment of malware. The malware disables the functionality of victims’ computers and displays a message demanding the payment of a ransom to regain access to their machines.
The ransomware messages purport to be from law enforcement agencies, and accuse the victim of carrying out online activities such as illegal file-sharing, accessing child abuse material, or visiting terrorist websites. The criminals use real law enforcement agency logos to lend authority to their messages and coerce victims into paying ransoms to unlock their computers.
Although the exact number of victims of police ransomware in the EU is difficult to assess, it is estimated that millions of computers have been infected and tens of thousands of citizens have paid ransom demands. It is a multimillion euro business for the criminals involved.
These cybercriminal activities are facilitated by underground online forums that provide the ransomware source-code, infrastructure for distribution of the malware and money laundering services for ‘cashing out’ the illicit proceeds gained through online prepaid solutions and virtual currencies. Ransomware ‘kits’ mean that attacks can be easily deployed and are no longer restricted to the technically savvy.
New forms of ransomware are emerging – such as Cryptolocker – which may have even more impact on individuals and businesses as they risk permanent loss of their data and files. Cybercriminals will expand their pool of victims by addressing new markets, targeting different operating systems and devices.
The distribution of ransomware actors and infrastructure across many legal jurisdictions complicates police investigations and therefore improved cooperation and information exchange between law enforcement authorities and private partners is essential in the fight against this cybercrime phenomenon.
Troels Oerting, Head of the European Cybercrime Centre said: “Malware attacks in the form of ransomware will unfortunately increase. It is a 'cash cow' for criminal enterprises, easy to use and difficult for victims to protect against. All kinds of innocent users are potential victims of this crime - not just mainstream users but also businesses and public services. EC3 will continue to assist EU Member States law enforcement agencies in combating this crime and tracing the criminal proceeds. In the meantime we all need to increase awareness amongst all Internet users to avoid further impact. A number of guidelines need to be observed - one is to ensure that you’re always backed-up”.