Give Me Your Money Or I Won’t Decrypt! Using Encryption for Extortion

Today Media Life Magazine published an interesting article about using encryption to extort money from organizations from whom data has been stolen.  The dark side of encryption!  After Googling a bit, I’m sure this is nothing new to some of you.  However, the article is a pretty interesting read…

“From a venue of shared information, the web is turned by blackmailers into a vehicle for extortion. Scamsters break into a user’s computer, encrypt data, then demand money by e-payment in order to unlock the data. Such schemes have been around for years but investigators warn that they have shot up in the last year, and they’re likely to surge in the coming months. That’s because in the first quarter of 2006 the cyber criminals operating these scams developed increasingly sophisticated software, according to a report from Kaspersky Lab, a Russian anti-virus software company.  As a result of these developments, Kaspersky researchers warn, “Holding user data hostage is one of the most dangerous and rapidly evolving types of cyber crime.

It is not mainstream yet, says David Emm, senior technology consultant at Kaspersky. But this is a new twist on the theme and watch out, because it may become a bigger part of the picture.

Blackmail scams that encrypted data until a sum of money was paid first appeared in 1989. However, at that point e-payment systems weren‚Äôt readily available, so blackmail involved physically collecting the money. That made it no more attractive than traditional blackmail schemes, where the schemers face a huge risk when they swing by to pick up the loot. That risk larger evaporates with e-payment systems. Collecting involves no physical appearances, just clearly written instructions on where to send the money, and the transactions are difficult to track. 

The current scams work like this. The virus, of which there are three main ones at the moment, enters the victim’s machine through the usual routes, such as email attachments, worms or phishing. The virus then encrypts the victim’s files, locking them up. The virus leaves a readme text file, which when opened explains that the data has been locked up and will stay that way until the blackmailer receives money wired over the internet through an e-payment system.  The amount demanded typically ranges between $50 to $2,000.

The user is given very thorough instructions on how to go about setting up an e-payment account. In one instance, this even included a handy tip suggesting the victim makes the account name something easy to remember (as they will be asked for it again later) and reasonably short, according to the Kaspersky report.  In setting the extortion sum, scamsters keep the figure low enough that a sufficient number will choose to pay up. What’s more, says Emm, these low-figure operations can cover their tracks more easily.  Perhaps surprisingly, these crooks so far have generally unlocked the data upon receipt of payment.

Kaspersky advises victims of such schemes to not hand over the money demanded, though it may seem the easier course, but to instead contact their anti-virus software provider. They will likely be able to unlock the data. In the last year Emm estimates hundreds of people have fallen victim to such scams. Says he: “It is a significant number.  To date most incidents have been in Russia and Eastern Europe, but Emm believes that this is likely to change. I don’t see any reason why we wouldn’t see it soon in the U.S. and Western Europe.”

More reason to keep your data encrypted in storage…along with off-line backups!!

This extortion method has been written about before in multiple places.   An FBI acquaintance of mine told me about this a few months ago, and the FBI posted a message regarding it on their site on 3/16/06. I’d like to know how widespread this is…if it is anything like my FBI contact indicates, it is pretty incredible.

Technorati Tags



Leave a Reply