Ransomware attacks on the rise

An increase in ‘ransomware' attacks has been detected over the past few months.

In line with predictions made by SC Magazine in its look forward to 2012 trends, PandaLabs said it had seen an increase in the attacks, with the first posing as a warning from Microsoft that it had detected a pirated version of Windows and the user had to pay a fine or be reported to the police.

Luis Corrons, technical director of PandaLabs, said other messages purported to be from law enforcement agencies: “While we are used to seeing this kind of fake message in English, in this case the attacks are localised. We have seen English, German, Spanish and Dutch [messages], depending on the targeted country. All of the attacks are targeting some European country, so it looks like they are related and the same cyber criminal gang could be behind them.”

Once their computer is infected, the user is informed that they have accessed illegal material (such as child pornography) and that the computer will be locked to prevent further abuse; to unlock their computer, they have to pay a 'fine' of €100.

“The worst thing for the user is that it actually blocks the computer, so it is not easy to remove. To do it, restart the computer in safe mode and run a scan with an anti-virus solution that is able to detect it,” Corrons said.

Speaking to SC Magazine, Corrons said such infections are often distributed using different exploits via drive-by-download techniques, rather than by targeting people.

“However, once you are infected the file connects to a certain URL and, based on the victim's IP address, it will retrieve the localised version of the message that will appear in the computer,” he said.

Asked how best to avoid or deal with infection, Corrons recommended having software updated, starting with Java and Acrobat Reader, and using anti-virus software.

He said: “There are some variants that disable the option to start Windows in safe mode, so in that case you should run a scan using one of the typical rescue disks that any major anti-virus company has.”

Sign up to our newsletters