Don’t pay your ransom via SMS

Dancho Danchev is one of my favorite cybersecurity bloggers. I am particularly impressed by his uncanny ability to dig up and thoroughly report on so many emerging cyber-threats; his is definitely one of the blogs I follow religiously. Danchev’s latest find is an easily accessible retail version of “ransomware” – a particular type of malware ...

Dancho Danchev is one of my favorite cybersecurity bloggers. I am particularly impressed by his uncanny ability to dig up and thoroughly report on so many emerging cyber-threats; his is definitely one of the blogs I follow religiously.

Danchev’s latest find is an easily accessible retail version of “ransomware” – a particular type of malware that holds an infected computer hostage until a ransom is paid – that demands its victims to send an SMS to a premium number and obtain a code to unlock their computer. What’s most disturbing is that anyone could buy a do-it-yourself version of this randsomware for the mere $15 and then use it in any manner they’d like. 

In this particular case it may be relatively easy to track the attackers as they have to rely on a mobile operator to receive the text messages; however, there slowly appear more sophisticated approaches that bypass the mobile operators and rely on virtual money instead, which makes it almost impossible to trace the criminals. As this and many other examples reveal ,the market in cyberextortion is getting more liquid by the day; the real question is whether anyone would be smart enough to package the idle capacity created by this liquidity and sell it openly to anyone with a grudge and a credit card to pay for the service. 

Curiously, the plurality of innovative ransomware campaigns seem to target exlusively Russian-speaking Internet users. While most documented attempts to use ransomware appear driven by purely commercial interests, I can easily see how they could be used for political purposes, especially in war time- not necessarily to demand money, but simply to exert pressure through psychological operations.

The question that lingers on the minds of many cybersecurity analysts is whether Russian cybergangs be eager to export these tricks abroad, once they have honed them on their own citizens. I guess we’ll know the answer when Russia gets into yet another squabble with its smaller neighbors. 

photo by gcbb/flickr

Evgeny Morozov is a fellow at the Open Society Institute and sits on the board of OSI's Information Program. He writes the Net Effect blog on ForeignPolicy.com

More from Foreign Policy

Russian President Vladimir Putin and Chinese President Xi Jinping give a toast during a reception following their talks at the Kremlin in Moscow on March 21.
Russian President Vladimir Putin and Chinese President Xi Jinping give a toast during a reception following their talks at the Kremlin in Moscow on March 21.

Can Russia Get Used to Being China’s Little Brother?

The power dynamic between Beijing and Moscow has switched dramatically.

Xi and Putin shake hands while carrying red folders.
Xi and Putin shake hands while carrying red folders.

Xi and Putin Have the Most Consequential Undeclared Alliance in the World

It’s become more important than Washington’s official alliances today.

Russian President Vladimir Putin greets Kazakh President Kassym-Jomart Tokayev.
Russian President Vladimir Putin greets Kazakh President Kassym-Jomart Tokayev.

It’s a New Great Game. Again.

Across Central Asia, Russia’s brand is tainted by Ukraine, China’s got challenges, and Washington senses another opening.

Kurdish military officers take part in a graduation ceremony in Erbil, the capital of Iraq’s Kurdistan Region, on Jan. 15.
Kurdish military officers take part in a graduation ceremony in Erbil, the capital of Iraq’s Kurdistan Region, on Jan. 15.

Iraqi Kurdistan’s House of Cards Is Collapsing

The region once seemed a bright spot in the disorder unleashed by U.S. regime change. Today, things look bleak.