Moscow police investigate ransomware

Russian police are reportedly investigating a criminal gang that installed malicious “ransomware” programs on thousands of PCs and then forced victims to send SMS messages in order to unlock their PCs.

The scam has been ongoing and may have made Russian criminals millions of dollars, according to reports by Russian news agencies. Russian police seized computer equipment and detained a Russian “crime family” in connection with the crime, the ITAR-TASS News Agency reported Tuesday.

Russian-language reports say that 10 people are expected to be charged and that tens of thousands of Russian-language victims were hit by the scam, which also affected users in Ukraine, Belarus and Moldova.

The criminals reportedly used news sites to spread their malicious software, known as WinLock, which disables certain Windows components, rendering the PC unusable, and then displays pornographic images.

To unlock the code, victims must send SMS messages that cost between 300 rubles (Cdn$10.25) and 1,000 rubles.

The scam may have hit as many as 1 million PCs in the Russian-speaking world, according to Sergey Golovanov, a malware analyst with Russian antivirus vendor Kaspersky Lab ZAO. “The bad guys are paying $3 per infection to anyone who agrees to spread this malware through blogs, banners, exploits, botnets, etc.” he said in an e-mail interview.

The scam has worked so well, because in many former Soviet-bloc countries telecommunication companies make it very easy for criminals to anonymously register the kind of paid phone numbers used to pay the ransom, Golovanov said. And communication companies are happy to take their 50 per cent cut of these SMS charges. “It’s a big problem and in my opinion no one wants a solution in this case,” he said.

Usually victims who pay the ransom do get their PCs unlocked, but there’s no guarantee. Victims could very well have their hard drives deleted after they make the payment, Golovanov said. “It all depends on the bad guys.”

Security experts have tracked this type of software for more than a year now, but in most of the world it rarely shows up, according to Dave Marcus, director of McAfee Inc. Labs security research communications.

The software is not considered to be a very sophisticated threat, he said. “It’s just locking your screen with a password you don’t know, which is not that sophisticated when you get down to do.”

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now