How Ransomware Infects Computers

14 November, 2012

One of the fastest growing areas of cybercrime is ransomware — a family of malware that takes a computer or its data hostage in effort to extort money from its victims. Ransomware is responsible for damaging or destroying computer files and causing loss of business for enterprises with compromised computers. You can help avoid this growing online danger by learning more about how ransomware targets victims.

Here are some of the ways computers and mobile devices can be infected:

  • Links in emails or messages in social networks — In this type of attack, the victim clicks a malicious link in an email attachment or a message on a social networking site.

  • Pay per install — This popular method attacks computers that are already part of a botnet (a group of infected computers under the control of criminals called botmasters) — further infecting them with additional malware. Bot herders, criminals who look for security vulnerabilities, are paid to find these opportunities.

  • Drive-by downloads — This form of ransomware is installed when a victim clicks on a compromised website. McAfee Labs researchers have seen an increase in drive-by downloads. In particular, users of some streaming video portals have been hit.

Ransomware is difficult to track because many people do not realize they are victims of a crime — and even if they do, they are reluctant to report it. But there is evidence that it is a worldwide cybercrime problem with a high number of victims. Authorities from around the world have issued warnings about this threat. Europol held an expert meeting to combat the spread of “police ransomware,” and the German Federal Office for Information Security and the FBI have issued numerous warnings about ransomware.

Many victims do not know what they should do aside from removing the infection from their computer. The FBI’s Internet Crime Complaint Center suggests victims:

  • File a complaint at the FBI’s Internet Crime Complaint Center (IC3).
  • Keep operating systems and legitimate antivirus and antispyware software updated.

Additionally, a user can contact a reputable computer expert to assist with removing the malware, if they are unable to do so on their own.

Ransomware continues to evolve. McAfee Labs researchers predict mobile phone ransomware “kits” will be introduced allowing criminals without programming skills to extort payments. As this threat grows, global law enforcement is working hard to combat it.