Don’t pay your ransom via SMS

Dancho Danchev is one of my favorite cybersecurity bloggers. I am particularly impressed by his uncanny ability to dig up and thoroughly report on so many emerging cyber-threats; his is definitely one of the blogs I follow religiously.

Danchev’s latest find is an easily accessible retail version of “ransomware” – a particular type of malware that holds an infected computer hostage until a ransom is paid – that demands its victims to send an SMS to a premium number and obtain a code to unlock their computer. What’s most disturbing is that anyone could buy a do-it-yourself version of this randsomware for the mere $15 and then use it in any manner they’d like. 

In this particular case it may be relatively easy to track the attackers as they have to rely on a mobile operator to receive the text messages; however, there slowly appear more sophisticated approaches that bypass the mobile operators and rely on virtual money instead, which makes it almost impossible to trace the criminals. As this and many other examples reveal ,the market in cyberextortion is getting more liquid by the day; the real question is whether anyone would be smart enough to package the idle capacity created by this liquidity and sell it openly to anyone with a grudge and a credit card to pay for the service. 

Curiously, the plurality of innovative ransomware campaigns seem to target exlusively Russian-speaking Internet users. While most documented attempts to use ransomware appear driven by purely commercial interests, I can easily see how they could be used for political purposes, especially in war time- not necessarily to demand money, but simply to exert pressure through psychological operations.

The question that lingers on the minds of many cybersecurity analysts is whether Russian cybergangs be eager to export these tricks abroad, once they have honed them on their own citizens. I guess we’ll know the answer when Russia gets into yet another squabble with its smaller neighbors. 

photo by gcbb/flickr