Example Ransomware

“Ransomware,” malicious software that can make a computer or its files unusable until a ransom is paid to attackers, is on the increase in several parts of the world, particularly in Europe, Microsoft’s Trustworthy Computing team reports.

In a series of posts aimed at educating and helping individual users, as well as businesses, Tim Rains, director of product management for Trustworthy Computing, and Kim Sanchez, director of Trustworthy Computing, provide some perspective on the problem, and ways for users to combat it.

“Ransomware often masquerades as an official-looking warning from a well-known law enforcement agency, such as the U.S. Federal Bureau of Investigation (FBI) or the Metropolitan Police Service of London,” Rains writes on the Trustworthy Computing blog. An example is shown in the screenshot above.

Typically, ransomware “accuses the computer user of committing a computer-related crime and demands that the user pay a fine via electronic money transfer to regain control of the computer or its files,” he writes on the Microsoft Security Blog.

Some recent ransomware threats are known as “FBI Moneypak” or the “FBI virus” because of their “common use of law enforcement logos and requests for payment such as Green Dot MoneyPak, a brand of reloadable debit card.”

A ransomware infection and its fake warning are meant to scare the user into paying the fine, even if no crime was really committed on the infected computer, he writes.

“Some ransomware families operate by displaying a lock screen and preventing access to any of the computer’s functions,” Rains writes. “Others encrypt the computer user’s files with a password and offer to provide the user with the password upon payment of the ransom. In both cases, the computer is essentially held hostage for a ransom that, the perpetrators say, will release the computer if paid.”

“These files are being held ransom for money in some cases as much as $500,” writes Sanchez on the Security Tips & Talk blog. And just because you pay the ransom “doesn’t necessarily mean you’ll get your files back.”

The countries where ransomware was on the top 10 list of threats in the second quarter of this year include Austria, Belgium, Croatia, Cyprus, Czech Republic, Denmark, Finland, Germany, Ireland, Norway, Portugal, Slovakia, Slovenia, Sweden, Switzerland and the United Kingdom. (For more details, see the recently published Microsoft Security Intelligence Report volume 15.)

Rains writes that some “basic computer hygiene” can help protect your organization’s systems from ransomware:

• Install and use an “up-to-date real time anti-malware solution from a vendor you trust.” Some anti-malware software options are available on Microsoft’s security partner Web page.

• “Keep all of the software installed on your system up-to-date,” including software from Microsoft, Adobe, Oracle, Java and others.

• “Don't click on links or open attachments from untrusted sources, as malicious emails (spam and phishing) are one of the most common ways people encounter ransomware.”

• Regularly back up your important files to a personal hard drive or to a cloud storage service such as SkyDrive. SkyDrive, he writes, is “now fully integrated into Windows 8 and Microsoft Office.”

Using the cloud, he says, “is a very effective way to safeguard your data from threats like ransomware” because it means your data is stored and backed up somewhere other than your computer.

To read more, head over to the Trustworthy Computing blog, the Microsoft Security Blog and the Security Tips & Talk blog.

Suzanne Choney
Microsoft News Center Staff