16 crime gangs control world ransomware assault: Symantec

Ransomware distributors are raking in around $5 million a year and the spoils are being spread amongst just 16 crime groups, according to Symantec.

Symantec’s latest research report suggests police-themed ransomware could be a replacement for the once-lucrative fake antivirus “scareware” trade.

But ransomware still remains some way off scareware, which netted one scheme $100 million over several years. Symantec’s estimates suggest a significant but not yet thriving crime business, which delivers each operation, on average, $300,000 a year.

Ransomware typically demands fees of AU$100-200 from victims and is generally coupled with the threat of data destruction or, in its lesser form, blocked access to a computer.

The threat could easily pose as the Australian Federal Police or, as in one campaign targeted at UK consumers, the hacker network Anonymous. There are currently three main versions of police ransomware targeting Australians, according to the botnets.fr malware wiki. The latest version, emerging at the beginning of November, is most likely the product of an affiliate program that lets distributors create their own version of ransomware, according to a maintainer of the botnets.fr wiki.

While police ransomware presents similar messages, Symantec’s research suggests an evolution in the market with crime gangs turning to a wider range of trojans to support the schemes.

In the last two months, five new trojans have been employed in such campaigns, marking a departure from early 2011, when variants were few.

The security vendor has pinpointed the variation in one stream of ransomware to a single unidentified individual who has been “programming ransomware on request” for several gangs. Ransomware’s evolution is similar to the scareware market’s trajectory, according to Symantec.

One upshot for potential victims that Symantec highlights is that ransomware is a noisy scam which screams infection. It could prompt victims to run a full clean-up on their systems and, in the process, remove other malware that helped it get there in the first place.

“The presence of ransomware on a computer will usually prompt the computer owner to clean the machine thoroughly, removing any malware from it,” says Symantec.

This might have a knock-on effect of disrupting the distribution network.

“Malware distribution networks may refuse to distribute such obvious malware, forcing the ransomware gangs to develop their own distribution methods.”

But the facts currently don’t support that theoretical possibility. In Europe, where police ransomware first emerged as the alternative to its porn-accusing predecessor, victim rates remain higher than in other parts of the world. One unnamed European bank pegged Q2 2012 earnings at a minimum of AU$1.04 million and a maximum of $2 million, which was a more than two-fold growth on both extremes in Q1 2012.

Symantec estimated one ransomware gang was able to convert 2.9 per cent of ransom threats to actual paying victims, in line with the 3 per cent reported by London’s Metropolitan Police in August this year.

Extrapolating from an infection count of 68,000, Symantec estimated the earnings could have netted the gang $33,600 in one day.
