Cyberscofflaws are now using encryption to hijack and ransom users' files, according to Websense, a California-based Web security firm. News.com reports that a Websense customer was victimized in early May 2005. The victim visited a malicious Web site that exploited a known vulnerability in Internet Explorer to surreptitiously install the PGPcoder/Gpcode Trojan. The malware selected 15 files from the victim's hard drive, encrypted the files, removed the originals, and then presented a message asking $200 for the encryption key. Fortunately, Websense was able to break the malware's simple encryption and decode the files.
Although not yet common, this type of attack will only increase. Pranksters and academics no longer dominate the computer crime landscape. Organized criminal groups are following the money into cyberspace. Electronic ransom and blackmail through DoS and DDoS attacks offer the opportunity for significant gain with little or no chance of being caught and severely punished. Ransoming individual files or individual systems is unfortunately a natural progression.
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.