How to tackle JavaScript-based ransomware sites

Ransomware scams are nothing new to computer users; one making the rounds attempts to disguise itself as an FBI cybercrime intervention for suspected nefarious activity. If you get stung by this scam (generally the fastest way is by using underground pirated software search engines and pornographic sites that redirect to the scam page, but even innocent image searches will get you there if you're not careful), the site will present a notice claiming to come from the FBI "Cyber Department." It states that the system's browser has been seized and recorded, and that the user … Read more

Ransomware cybercrime ring dismantled in Europe

A cybercrime ring that infected millions of computers with ransomware to extort possibly millions of dollars from people in 30 nations has been broken up, the European police agency said today.

Masquerading as police agencies, the suspects paralyzed computers with a virus and told their owners that illegal online activity had been detected and that a fine would have to be paid to unlock their computers, Europol announced in Madrid.

Investigators said they had identified up to 48 variants of the virus, which typically installs itself by tricking users into downloading a malicious executable file via a socially engineered message. … Read more

Ransomware a growing menace, says Symantec

Cybercriminal gangs are creating a surge in ransomware, says a new report from Symantec.

Ransomware is a type of malware best described as an online extortion racket. Malware locks or disables your PC in some way and then demands payment in the form of a "fine" to render your PC usable again. Like most scams, the ransomware message claims to come from a legitimate organization, such as the government or a public corporation, to try to convince victims that they did something wrong to incur the fine.

But paying the fine does nothing since the initial malware remains … Read more

Ransomware resurrects the SOPA specter

SOPA. The dearly beloved antipiracy bill was quashed before it reared its ugly head and was signed into U.S. law. It only took months of worldwide protests, tech media outrage, site blackouts and the occasional satirical video or two.

A huge sigh of relief spread through the technology community when the bill was discarded -- at least for the moment. However, enterprising virus developers have piggybacked on the fear that copyright infringement and court cases produce for the general public -- using the recognizable SOPA branding to lure victims into parting with their hard-earned cash. 

The so-called SOPA … Read more

Worm spreading on Skype IM installs ransomware

A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.

The issue, which was first brought to light Friday by GFI, tricks users into downloading a ZIP file by displaying the socially-engineered message, "lol is this your new profile pic?" along with a link that also spreads the message to other Skype users. The ZIP file contains an executable file that installs a variant of the Dorkbot worm and creates a backdoor via "Blackhole," an exploit kit used by criminals to infect computers … Read more

Apple's iOS and Android are new favorite malware victims

The online world is under siege. Computers, laptops, and mobile devices are increasingly being attacked by worms, viruses, botnets, Trojans, spam, and more.

According to a new report by McAfee (PDF), malware is multiplying at a faster pace now than at any other time in the last four years. There has been a 1.5 million increase in malware over last quarter, along with growth of newer threats, including "ransomware" attacks, thumb drive corrupters, and botnets.

While Windows PCs remain the hardest hit, there's a growing trend of attacks on Apple's Mac devices and Android smartphones.

"… Read more

New malware strain locks up computers unless ransom is paid

A campaign of "ransomware" is locking people out of their computers unless they pony up the right amount of money.

Spotted by security blog abuse.ch, the malware taps into an exploit kit known as "Blackhole." Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader.

If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software's weakness by downloading the Trojan to the PC and then running … Read more

New Trojan encrypts files but leaves no ransom note

Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee.

Instead, a Web search for terms related to the Trojan horse leads to a company offering a way to remove the malware. The company offering the product used to charge for it but now offers it for free.

Trojan.Ramvicrype uses the RC4 algorithm to encrypt files on systems running Windows 98, 95, XP, Windows Me, Vista, NT, Windows Server 2003 and Windows 2000, according to Symantec's Web site. … Read more

Ransom-based malware attacks specific companies

Various security companies are today reporting targeted attacks made on Fortune 1000 companies over the weekend. What's notable is that documents within each of the affected companies were stolen, encrypted, then the companies were offered a decryption key for a fee. What's odd is that the amount requested as ransom was a mere $300.

Reuters reports companies hit by the attack include Booz Allen, Unisys, Hewlett-Packard and Hughes Network Systems. Security vendors report having identified hundreds more.

The attack works like this. Malware writers target a handful of companies, somehow manage to sneak their code past the corporate … Read more