Ransomware & Cyber Extortion: Computers Under Siege

July 1, 2013

Extortion, blackmail and ransom requests have always been cornerstones of criminal activity. In today’s global internet economy, criminals are adapting their techniques by attempting to extort money from people using “Ransomware.”


Ransomware is a type of malicious software that cybercriminals use to extort money from their victims, either by encrypting data on the disk or by blocking access to the system. Ransomware is commonly installed by exploiting a vulnerability in the victim’s computer, which generally happens when users inadvertently open a phishing email or visit a malicious website created by the attackers. Kaspersky Lab’s experts found Ransomware attachments being sent out in phishing emails from attackers claiming to be from popular online booking services, financial institutions and social networks.

Once the program is installed, it will encrypt the disk of the victim’s computer or block access to the system while leaving a “ransom” message that demands a fee in order to decrypt the files or restore the system. This message will appear the next time the user restarts their system. Essentially, the attackers are holding your computer hostage and are trying to extort money from you in exchange for letting you access your computer. However, it’s important to understand that you won’t necessarily regain access to your system even if you pay the “ransom” money.


Example of Ransomware notification that appears when the computer is rebooted

Ransomware is increasing in popularity worldwide, although the ransom messages and scams for extorting money will differ based on geography. In countries where piracy is common, such as Russia, Ransomware programs that block access to the system often claim to have identified unlicensed software on the victim’s computer and ask for a payment.

In Europe or North America, where software piracy is less common, this approach is not as successful. Instead, popup messages from fake law enforcement agencies will appear that claim to have found child pornography or other illegal content on the computer. This is accompanied by a demand to pay a fine.


Ransomware Posing as Department of Justice


Ransomware Notification Posing as Federal German Police (BKA)

Protecting your PC from Cryptolocker, PrisonLocker, Cryptowall and the like

  • Check your PC for Zeus-type malware. Use the free Kaspersky Lab utility, which can scan the PC and delete the malware.
  • Install a strong Internet security solution. It will prevent compromise in the future.
  • Create an online backup copy of your data. It will be needed in case your PC is affected by Cryptolocker or other ransomware. Instead of paying ransom for your encrypted data, you just need to restore it. The backup will also save you in case of fire, hard drive failure and other unfortunate circumstances. It is vital to perform a regular backup on your PC. For an online backup plan, instant synchronization is possible; for a locally stored backup copy, we recommend daily synchronization. To ensure better protection from Cryptolocker, all external storage devices must be disconnected after the backup has been performed.