The UK’s Police Central e-Crime Unit (PCeU) has announced the arrest of three people in connection with alleged ransom malware attacks against PC users.
In what counts as the first significant arrests for this type of malware made in the UK, the two men and a woman were picked up in Stoke on Trent on a range of fraud-related charges.
The PCeU hasn’t given details of which campaign the three are accused of having been involved with beyond saying that it related to a fairly standard police Internet impersonation scam.
Infected users were locked out of PCs and files with a £100 ‘fine’ being demanded for non-existent computer offences.
“The arrests show we are determined to combat this type of crime,” said Detective Inspector Jason Tunn, from the PCeU.
“I remind all computer users that police do not use such a method to impose or enforce fines, so if you are confronted by such a page do not enter any of your details. Call police on 101.”
Given that this type of malware has in the space of a year gone from relatively uncommon to a major nuisance affecting large numbers of users across the developed world, police have arguably been rather slow to act.
“Ransomware unfortunately looks to be a huge new threat to computers and IT systems, both personal and corporate,” said Ross Brewer of software firm LogRhythm.
“Usually, ransomware hijacks do turn out to be a simple demand for money to unlock the PC, but often hackers may also install infected computers with backdoors that anti-malware software may not detect, which allows them to gain further access to the computer’s data at any time,” he warned.
The bottom line: don’t be tempted to pay the attackers, because not only might criminals not send an unlock key but the infected PC will probably have been compromised in other less obvious ways.
Techworld has covered the rising menace of ransomware from its origins some years ago with individual programmers in the Ukraine and Russia who built proof-of-concept encryption malware to today’s burgeoning criminal industry.
There have been numerous, now almost weekly, reports of individuals and businesses affected by this type of malware, including an attack earlier this week in Australia in which a medical centre had its entire medical database encrypted in a targeted attack on the organisation’s server.
One should draw a distinction between these more complex manual, targeted attacks and automated mass-market malware that sets out to con consumers. Either way, one defence is to keep an offline or off-site cloud backup of data, as well as a separate system image.
In November, Symantec published a report detailing the explosion in ransom and blackmailing malware and the huge profits that are being made by criminals from this type of attack.