honoluluadvertiser.com

The Honolulu Advertiser

Posted on: Wednesday, May 25, 2005

Latest attack via Internet demands ransom for files

By Ted Bridis
Associated Press

WASHINGTON — The latest threat to computer users doesn't destroy data or steal passwords — it locks up a person's electronic documents, effectively holding them hostage, and demands $200 over the Internet to get them back.

Security researchers at San Diego-based Websense Inc. uncovered the unusual extortion plot when a corporate customer fell victim to the infection, which encrypted files that included documents, photos and spreadsheets.

A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.

"This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination," said Oliver Friedrichs, a security manager for Symantec Corp. The company said yesterday that the problem was serious but not deemed a high-level threat because there were no indications it was widespread.

The FBI said the scheme is unlike other Internet extortion crimes. Leading security and anti-virus firms are updating protective software to guard against this type of attack, which experts dubbed "ransom-ware."

"This seems fully malicious," said Joe Stewart, a researcher at Chicago-based Lurhq Corp. who studied the attack software. Stewart managed to unlock the infected computer files without paying the extortion, but he worries that improved versions might be more difficult to overcome.

"You would have to pay the guy, or law enforcement would have to get his key to unencrypt the files," Stewart said.

The latest danger adds to the risks facing beleaguered Internet users, who must increasingly deal with categories of threats that include spyware, viruses, worms, phishing e-mail fraud and denial-of-service attacks.

In the recent case, computer users could be infected by viewing a vandalized Web site with vulnerable Internet browser software. The infection locked up at least 15 types of data files and left behind a note with instructions to send e-mail to a particular address to purchase unlocking keys. In an e-mail reply, the hacker demanded that $200 be wired to an Internet banking account. "I send programm to your email," the hacker wrote.

There was no reply to e-mails sent to that address Monday by The Associated Press.

Ed Stroz, a former FBI agent who investigates computer crimes for corporations, said the $200 ransom demand probably was deliberately low to encourage victims to pay rather than call police.