Ransomware was going to be one of the rising if malevolent stars of 2007, but it never came to pass. Now it has come back unexpectedly, just as people were writing it off as a phenomenon.
A report from a security company Sunbelt Software has found a new version of the species, a Trojan that appears able to lock up Windows XP systems it has infected. The only way to get control back is to pay up $35 by phoning a supplied number.
The year of the ransomware Trojan was 2006, with a flurry of examples in the first half of the year. Typically, these would encrypt data files (or claim to) on a user’s hard disk, offering an unlock key in return for a price. The most famous example was Cryzip , which brought the whole phenomenon to the attention of the security world.
There were fears that the rudimentary encryption schemes being used would grow sophisticated enough to stop security companies working out the unlock key. In fact, since ransomware is really just a variation on well-established principles of social engineering, the use of complex encryption isn’t necessary. All that a piece of ransomware malware has to do to work is make the user believe that their files are inaccessible, regardless of whether they really are or not.
So why hasn’t ransomware exploded? Most experts suspect it is not the idea that is weak, it is the need to collect payment using some form of intermediary. Hit too many people at once, and the security companies will blow the scheme, rendering it useless. That can happen in days, which makes collecting ransom money from intermediary services hard to achieve compared to established crimes such as bank phishing.
The criminals behind Cryzip used the controversial e-gold service, which made their activity more traceable. The owners of the service later claimed that no money from the scam had been passed on, impossible to verify but plausible given the timescales.
So ransomware is a powerful form of malware, perhaps the most frightening yet devised. But it is not easy to profit from it. But that won’t necessarily always be the case. My prediction is that it will return in some form this year or next, perhaps in very sinister forms such as schemes that attempt to blackmail people either by threatening them with exposure (you visited a porn site and we are going to tell every contact in your Outlook mailbox) or simply by inventing crimes to scare the innocent but naive to death (we have registered your stolen credit card with a child porn site and will now tell the authorities. Try explaining your way out of that, Buddy).
These will be small scale – large scale attacks would attract too much attention. But they will also help reshape social engineering malware into new and hideous forms most people can barely imagine in today’s world.