Data Jacking for a ransom increasing
July 27, 2006
Kaspersky Labs, an Internet security firm, said earlier this week that cyber attacks in which data criminals and "data jackers" hold kidnapped computer information for ransom are becoming more widespread. It's probably only a matter of time before hackers and data criminals have the upper hand in this new cyber scam.
Even if "ransomware" remains fairly rare, the security company said in a recently-published survey that the threat is increasing rapidly.
"This is the highest point in ransomware we've ever seen," said Shane Coursen, senior technical analyst with Kaspersky. "In the number of new instances of ransomware, not in the volume of attacks, we're seeing more types of this than ever before and that is specifically what worries us. But it hasn't reached its highest limit, at least not yet."
The report by Alexander Gostev, a Kaspersky senior virus analyst, tracked the evolution of ransomware from two years ago until today, and noted that each attack has upped the ante on encryption needs.
In June of last year, for instance, "Gpcode.ag" was downloaded to thousands of Russian computers from an infected Web site, then locked up files using a 660-bit key.
"This is the longest key which has ever been broken," wrote Gostev. Although it would normally take a standard PC approximately 30 years of computing time to break a key that long, "luck was on our side. Our analysts were actually able to add decryption routines for files which had been encrypted using this key to antivirus databases within a single day."
In a typical ransomware attack, the criminal reaches into a compromised computer -- victimized earlier by a worm or Trojan -- and grabs a whole bunch of files. He then encrypts those files, making it impossible for the owner to access them. Later, the attacker sends the victim an email ransom note, demanding payment for the encryption key that unlocks the frozen files.
"This is a very serious threat," said Coursen. "This is a threat that if it affects your system, there's no way to recover your data." And THAT is becoming more serious indeed.
As the criminals turn to ever-more-elaborate encryption, they may be able to outpace and outsmart anti-virus vendor researchers. The earliest ransomware simply stored the kidnapped files in compressed archives, then password-protected those archives. In 2006, though, attackers turned to asymmetric encryption, like RSA, to lock hijacked data.
"We'll get to the point where we're not able to reverse the encryption," said Coursen.
Gostev seconded the motion in his research.
"In spite of the fact that we were able to decrypt 330 and even 660-bit keys within a reasonably short space of time, keys of this length are already pushing the boundaries of modern cryptography," he wrote. "Anti-virus companies might find themselves powerless in the future, even if maximum computing power were to be applied to decrypting the key."
Consumers are most at risk from ransomware, Coursen added, because while businesses regularly back up data and follow set security policies, at-home and small business users usually neglect to do both.
Other than the standard advice -- update the operating system, use a firewall and deploy up-to-date anti-virus to keep the computer from being compromised in the first place -- Coursen recommended consumers start backing up.
"Backups are very important today, more important than ever," he said. "And it's so much easier to back up now."
The Kaspersky ransomware analysis can be downloaded from the company's Web site.
Source: Information Week