Cyberscofflaws are now using encryption to hijack and ransom users files, according to Websense, a California-based Web security firm. News.com reports that a Websense customer was victimized in early May, 2005. The victim visited a malicious Web site exploited a known vulnerability in Internet Explorer to surreptitiously install the PGPcoder/Gpcode Trojan. The malware selected 15 files from the victim's hard drive, encrypted the files, removed the originals, and then presented a message asking $200 for the encryption key. Fortunately, Websense was able to break the malware's simple encryption and decode the files.
Although not yet a common attack, this type of attack will only increase. Pranksters and academics no longer dominate the computer crime landscape. Organized criminal groups are following the money into cyberspace. Electronic ransom and blackmail through DoS and DDoS attacks offer the opportunity for significant gain with little, or no, chance of being caught and severely punished. Ransoming individual files or individual systems is unfortunately a natural progression.