By Erika Icon

YNOT – Porn is everybody’s favorite whipping boy. In recent months, not only have adult websites been accused of distributing malware to unsuspecting surfers, but exposure of porn viewing also has become hackers’ favorite threat on which to hang ransomware scams.

Cybersecurity experts expect ransomware to explode in 2013. The malware lives up to its name, locking down unprotected computers until their owners pay the malware’s developers a fee to restore access. Often, the ransom is wasted money, as users frequently need professional assistance to remove the problem code and reclaim their machines.

“The scam is usually, ‘Hey, we see that you have pornography on your machine and we’re the police and you’re going to jail for it unless you pay a fine or a ‘ransom,’” Kevin Haley of Symantec Corp., maker of software security programs, told CBC News. “[B]ecause it has been successful and there’s money to be made, we see it expanding so it’s not just going after people who visited pornographic sites, it’s going after anybody.”

In 2013, Haley expects to see not just individuals, but also corporations and mobile phones exploited. The newest victims will be smaller companies, executives and rank-and-file employees, who more than likely won’t have their data backed up and consequently probably won’t get it back.

Haley also predicted cyber-criminals will pull progressively nastier tricks designed to rob end-users. A mobile-directed attack conceivably could rake in mountains of cash, because mobile phones have become almost indispensable to almost everyone.

“People get upset when their computer gets taken over,” Haley said. “Could you imagine how upset somebody will be if they can’t access their phone? People will pay anything to get their phone back.”

As the scams begin to target not only the private sector but also the corporate world, the scenario develops into a nightmare. Workers frequently store both personal and business data on their office computers, so both companies and individuals could be compromised … and extorted. So could customers who give their contact, credit card and other personal data to the companies with which they interface.

Ironically, according to one expert, the scenario may include some businesses hiring cyber-criminals to bedevil their competition — a new twist on corporate espionage.

“You don’t need to steal the data anymore,” said Steve Durbin, global vice-president for the Information Security Forum. “You just need to put something in [a competitor’s network] that’s going to skew the results, and you could put your competitors out of business.”
And Durbin believes the scenarios aren’t possibilities, but relative certainties.

“We don’t talk about how you can prevent these things from happening anymore,” he said. “We talk about resilience” and recovery.

According to cyber-security experts, the majority of ransomware scams are operated by 16 gangs that originated in Russia before developing tentacles in Germany and Eastern Europe. As cyber-gangs tend to do, the primary 16 are expected to spread around the world within the next 12 months.