Cyber criminals are planning to produce new forms of ransomwareon an unprecedented scale, according to IT security firm Sophos.
Ransomware is a type of Trojan malware used by criminals to block access to target computers so they can demand payment for restoring access.
In recent weeks the UK’s National Crime Agency’s National Computer Crime Unit has warned small and medium enterprises about the Cryptolocker ransomware that encrypts file on targeted machines.
The US computer emergency response team (US-Cert) has issued a similar warning to US computer users about emails that appear to come from financial institutions, but install Cryptolocker.
The malware is designed to encrypt files on the infected computer and any network it is attached to and then demand the payment of around £500 in Bitcoins to unlock the files.
Now Sophos has warned there are discussions on underground forums about ways to produce a kit to make it easier for criminals to create their own versions of ransomware.
Malware kits have been responsible in large part for recent spikes in new malware as they lower the technical barriers to entry for would-be cyber criminals and often provide technical support.
More on ransomware
- How to protect data from ransomware malware
- Spanish police arrest ransomware cyber gang
- PCeU arrests three suspected ransomware blackmailers
- Polymorphic ransomware tops malware charts
- FortiGuard Labs sees fast rise of mobile malware in 2013
- Panda spots new ransomware
- Ransomware and computer blackmail viruses: a history
- Has ransomware made a comeback?
- New ‘ransomware’ virus at large
- Ransomware: How to deal with advanced encryption
According to the security firm’s annual report into cyber crime and emerging threats, ransomware could become the market leader in malicious code.
James Lyne, co-author of the report and global head of security research at Sophos, said there is evidence that cyber criminals are keen to cash in on the success of ransomware such as Cryptolocker.
Security firm BitDefender found that in the week starting 27 October 2013, more than 12,000 computers in the US were infected with the Cryptolocker malware.
A separate attempt to shut down the network supporting Cryptolocker found almost 150 separate systems gathering responses from infected machines, according to the BBC.
The sophisticated networking capability within the ransomware means even if some criminal servers are shut down by law enforcement, the malicious network can recover quickly.
Law enforcement agencies have advised organisations against paying the ransoms demanded in untraceable bitcoin virtual currency because none of those who have paid up have recovered their data.
This approach means cyber criminals are able to cash out immediately without having to set up complex ways of monetising stolen data or laundering cash stolen from credit cards and bank accounts.
The Nation Cyber Crime Unit (NCCU) has advised anyone who is infected with this malware to report it through ActionFraud, the UK’s national fraud and internet crime-reporting centre.
The NCCU said prevention is better than cure and that UK businesses and consumers should:
- Not click on any such attachment
- Update antivirus software and operating systems
- Backup files routinely to a location off the network
- Disconnect any infected computers from the network
- Seek professional help to clean infected computers