Ransomware: Computers Held Hostage

As computer technology around us continues to advance, so too does the development of computer viruses, spyware and malware. The latest digital plague is called ransomeware, malicious software that takes over the hard drive of infected computers until ransom is paid.

When one considers the enormous variety of computer viruses that exist today, it is difficult to decide where to start a discussion of the topic. As of today, there are 768 distinct “families” of malware listed on Symantec’s Security Response page, some of whom possess hundreds and thousands of “offspring.” In 2010, it was estimated that 5 malware samples emerged onto the internet every 30 seconds, with 15-20 Trojans being released every 30 minutes.

As we know from experience, these viruses can cause a variety of serious and not so serious consequences, from needing to use file backups and anti-virus programs to wiping your computer back to factory settings. However, a new kind of virus known as ransomeware has become increasing prevalent, which is all the more concerning given that victims of ransomeware often do not inform the authorities. One of the most prominent recent examples of ransomeware is known as the Reveton virus, and it poses significant risk. Reveton is defined as “drive-by” malware for a very good reason, because unlike many other viruses, downloading or opening files and attachments is not needed for the virus to spread. In fact, merely clicking on an infected site can instantly lead to your computer being locked.

Ransomeware functions by encrypting or otherwise blocking access to a computer’s hard drive. Once this is accomplished, the malware generates warning messages that resemble those of law enforcement and governmental agencies (FBI, U.S. Justice Department, etc.). These messages usually claim that the computer user has broken some law, which ranges from computer-use negligence to accusations of child pornography present on the system, massive illegal downloading and other serious charges. Some variations of Reveton are even sophisticated enough to remotely access webcams, so that a picture of the computer user will display on the frozen screen along with the warning to lend credibility. However, the “FBI” is perfectly willing to let these crimes slide, as long as you pay the fine using your personal information (which will be stolen) and a prepaid money card (which is untraceable). To accomplish this, the malware can ascertain the computer’s geographical location from their IP address, then make appropriate payment service suggestions based on that data.

As if all of this wasn’t bad enough, the original Reveton malware has been “upgraded” with the incorporation of the Citadel Trojan. While not a new Trojan, due to its versatility and open-source customization, Citadel remains a favored tool in crimeware kits by remaining on the system even after the ransom has been paid. This provides further opportunities for identity theft and access to personal and financial data by including the capabilities to steal login information, use key-logging programs and employ man-in-the-browser techniques to alter web transactions in real-time. In addition, the malware is smart enough to generate unique pages for each country that ransomeware appears in. This way it appears that the correct agency is monitoring you.

Because of the very personal nature of this scam, as well as the potential consequences for crimes like child pornography, ransomeware is only recently coming to the attention of the mainstream. While these viruses are not impossible to remove, many individuals will simply pay the fine rather than risk causing any legal troubles by talking to the authorities themselves.

Other varieties of ransomeware viruses include fake anti-virus and anti-spyware programs, as well as copyright protection services who “scan” your computer for copyright protected materials and force you to pay a fine.

Subsequent investigation has traced the likely source of such malware to the activities of a Russian cybercrimes gang who have been very active over the last few years. Countries that have been affected by this strain of ransomeware include Germany, the U.K., Spain, France, Italy, Belgium and the U.S. However, despite the dire nature of ransomeware, there are several steps that you and your business can take to prevent ransomeware infections. The Internet Crime Complaints Center or IC3 recommends these following steps if you contract Reveton:

  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website.

If you suspect you have malware, ransomware, or any type of viruses, running antivirus isn’t always enough. Reach out to us and have one of our professional computer technicians check your computer and network for any signs of malware. You can call us at 905.763.7896

Share on facebook
Share on google
Share on twitter
Share on linkedin

The PACE Difference – We’re in this business to help other small businesses grow and move forward. It’s as simple as that.

Toronto, Ontario’s IT Experts. Nestled smack in the middle of the thriving Technology sector of Markham, Ontario, PACE Technical Services Inc. is comprised of a dynamic group of professionals dedicated to bringing Fortune 500 I.T. solutions to small and mid-sized businesses in the Greater Toronto Area.


475 Cochrane Drive. Unit 4

Markham, Ontario L3R 9R5

Phone: (905) 763-7896

Email: sales@pacetechnical.com