Tech: Ransomware, Extortion on Your PC

Bev Ferrington knows her way around a computer. A mainframe specialist for nearly 25 years (and a hobby farmer on the sly), the Woodinville, Wash., woman suspected something was very wrong with her household PC around the 13th of July. "My computer started to run like a dog in molasses," she says. "I couldn't get anything to work." After deploying several tricks up her IT sleeve, she found a new text file planted in several locations throughout her hard drive. Titled simply READ_ME.TXT, the body of the message read like a grammatically challenged ransom note: "Hello, your files are encrypted with RSA-4096 algorithm," it began. "To decrypt your files you need to buy our software. The price is $300 ... To buy our software please contact us at oxyglamour@gmail.com." The missive was signed by the "Glamorous team," and Ferrington remembers the exact feeling that washed over her after reading it. "I knew I was screwed," she says.

Ransom notes may be the stuff of movies to most of us, the very word "ransom" conjuring images of a frothing-mad Mel Gibson shouting "Gimme back my son!" But computer worms like the Glamour strain—Trojan horses that take your personal files hostage and demand money to decrypt them—are hardly confined to the realm of science fiction. The idea of ransomware has existed in hacker circles for at least 20 years. Today, with the rise of anonymous international money transfer through services like PayPal, the idea has started to become a reality. "We are definitely seeing more of it," says Bruce Schneier, a security technologist and founder of computer security firm BT Counterpane. How much more is hard to quantify. Large companies whose accounts-payable data get compromised, for example, don't like letting the public know they've been hit, says Schneier. This means "it's hard to get a handle on how pervasive it is." But the ballpark figures that have been batted around are a bit disturbing. The security firm Secure Science Corp. estimates that in the past eight months 152,000 victims have been infected, amounting to a total of 14.5 million files corrupted by the Trojan.

The strain that hit Bev Ferrington's computer is suspiciously similar to a slightly less-sophisticated ransom worm that made the rounds about six months ago, most likely through internal networks as opposed to file attachments. In a recent report, Secure Science called the two Trojans "brothers from the same mother," suggesting that that they were most likely both created by the same person or group, probably from an organized crime syndicate in Eastern Europe or Russia. "The original authors are actively modifying the code themselves, or they sold/traded the source code to another group who is now in charge of the modifications," reads the report, implying the recent attack is the second in a series that could get increasingly difficult to detect or decode—which may mean more such assaults in the future. (A NEWSWEEK e-mail to the oxyglamour address instantly bounced back, suggesting that it is no longer valid.)

How worried should you be? Certainly if you've been backing up your data (you have been backing up your data, right?), not very. Scary though it may sound, the extortion scheme is unlikely to represent the plague of the future, according to Lance James of Secure Science. "If it made money, we'd see it all the time," he says. The built-in weakness of ransomware—even in the era of easy anonymous money transfers—is that it makes itself instantly known. "Once you identify yourself, it gets reported, it hits the news," says James. "The more effective stuff is the stuff that secretly sits in your box and steals your data. If you don't know about it, [hackers] get more gain." The would-be extortionists certainly didn't get much out of Ferrington, who says she keeps no sensitive information on her hard drive outside of a few passwords. Her computer is currently in the hands of James's firm, which is releasing a free decryption code for anyone who might have become compromised. And filenappers take note: not once did Ferrington consider coughing up the $300. "God, no," she says. "This is gross; this is highway robbery, and I'm not going to pay it." Mel Gibson would be proud.

Join the Discussion