Porn ‘Ransomware’ Stealing More than $5 Million Annually
YNOT – Porn merchants and consumers beware: According to the research team at antivirus developer Symantec, hackers may be using some of your favorite sites as distribution hubs for the latest craze in cyber-scams.
Dubbed “ransomware,” the malware at the heart of the scams most often locks users out of their computers, promising to release the equipment when a ransom is paid. In the most profitable versions, the screen of the infected machine displays a warning from local or federal law enforcement threatening the user with criminal prosecution for viewing or downloading illegal materials.
Users typically are infected during “drive-by” attacks hosted on pornographic websites, Symantec researchers said, adding that website owners may not realize their sites have been compromised. The ransomware usually is delivered by a malicious advertisement or iframe that loads content from somewhere else.
The pornography connection makes the ransomware particularly effective, Symantec noted, as many victims decide to pay an average of $200 rather than risk embarrassment. According to the company’s research, about 2.9 percent of victims pay the ransom.
At least 16 independently developed versions of the same basic scam, which originated in Russia and Eastern Europe before migrating to North America, have been circulating for more than a year, Symantec researchers said. Worldwide, the scams are raking in scads of cash. In one case, the researchers watched scammers use the ransomware to collect nearly $34,000 in just one day.
“An investigation into one of the smaller players in this scam identified 68,000 compromised computers in just one month…,” Symantec researchers Gavin O’Gorman and Geoff McDonald wrote in the report “Ransomware: A Growing Menace”. “Given the number of different gangs operating ransomware scams, a conservative estimate is that over $5 million dollars a year is being extorted from victims. The real number is, however, likely much higher.
“From just a few small groups experimenting with this fraud, several organized gangs are now taking this scheme to a professional level, and the number of compromised computers has increased,” they added.
Adding insult to injury, most of the current crop of ransomware variants do not include the code necessary to uninstall themselves even if the victim pays the ransom, O’Gorman and McDonald revealed. Many end-users spend another $200 having their computers professionally cleaned in order to get rid of the rogue software, some versions of which also incorporate a keylogger that is difficult for the average computer user to detect and remove.
Erika Icon contributed to this report.