Ransomware

The concept of ransomware managed to pass me by until a recent news item on the BBC Manchester area. On the BBC’s website, where I first saw the item, it doesn’t state how Helen Barrow’s computer was compromised.

A woman from Greater Manchester has become a victim of an internet scam in which hackers hijack computer files and blackmail owners to get them back.

Helen Barrow, a 40-year-old nurse from Rochdale, is believed to be one of the first victims of the con in the UK.

Criminals encrypt files with complex passwords, leaving a ransom note telling victims not to contact police.

Ms Barrow’s note said that she would have to buy drugs from an online pharmacy to find out the password.

The new phenomenon, known as Ransomware, means victims cannot access any of the files stored in their My Documents folder.

Watching the video reveals all.

She clicked on a pop-up offering to “clean up” her computer. Gah! The oldest trick in the book and she fell for it. Like, I suspect, many others do. As she is studying for nursing exams, Ms Barrow is far from stupid. So, what is it that makes otherwise intelligent people fall for the blatant scams on the net? Scams that they might otherwise spot in a different environment.

I presume that in falling for this, she is not sufficiently net savvy to junk Internet Explorer and use the more secure Firefox. But, even IE has a pop-up blocker that is set to block pretty much by default. When I’m testing my sites for compatibility, I have to grit my teeth and use this browser, and sure enough, by default, pop-ups are, indeed, blocked. So why did this happen? Why do people respond to unsolicited adverts? What happens to their brains? If I want to clean up my computer, I’ll seek out a robust, secure and reliable program from a known, trustworthy source – not some fly-by-night cowboy who invades my desktop with an unwelcome pop-up. Another possibility is the Messenger pop-up hole in Windows that allows scammers to gain access. Again, why isn’t this switched off by default?

Ms Barrow did, however, do the right thing when she ignored the blackmailers’ demands not to contact the police. I suspect that most victims would, although the Network World article implies that there are victims of computer extortion who do cough up.

Gaming sites have been hit with this sort of crime, and some accept it as a cost of doing business, paying tens of thousands of dollars a year, according to sources.

There is only one appropriate response to extortion and that is a flat refusal to cooperate. Contact the police. It seems that the viruses used to plant the encryption on victims’ machines are reverse engineerable, sufficiently so to un-encrypt the files and recover them. In the case of Ms Barrow, she managed to recover half of her files.

In life, there will always be crooks and con artists eager to part hapless marks from their money. Their methods in cyberspace may be more sophisticated, but the hallmarks remain the same. If it looks too good to be true, it is. If they want money up-front, run a mile. And, for crying out loud, don’t respond to pop-ups (get Firefox and block the buggers), and don’t, don’t open emails from unknown sources and certainly don’t open attachments unless the source is a trusted one. If it isn’t already, switch off Windows Messenger.

Oh, and make sure your firewall and anti-virus software are up to date.

UPDATE: It seems the antivirus guys have cracked the code. Virus writers are not very good programmers. This bunch of wannabes put the key in the code itself. So, for anyone out there caught by this attempt at extortion, here’s the key:

mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw

Whatever you do, don’t pay the bastards.

1 Comment

  1. If people backed up their files, ransomware and other malware would not be quite such a big problem, even if their systems did get hacked from time to time.

    Best regards
