Featured Article

Ransomware continues to evolve into new variants



Ransomware, which morphed from scareware fraud around 1998, isn’t abating. Fraudsters are still holding electronic devices ransom with creative variants and extorting money and personally identifiable information. Here are some of the historical and current developments plus ways to help others avoid ransomware.

Duke Winston had just graduated from a university with a degree in marketing and was excited to start work with a major San Francisco advertising firm. One evening a message flashed on his computer screen that said his files were encrypted, and he had to click on a link to a website and pay $300 to gain access to the key to decrypt his files. If he didn’t pay the ransom in seven days, the message said, the amount would increase. Duke talked with a friend who worked for a computer company, who said the ransomware probably infected Duke’s computer when he clicked on a malicious link or file in an email or attachment. However, Duke lucked out because he’d previously backed up all his files. He could keep his $300.

Even though Duke’s story is fictitious, thousands of individuals and businesses still are ransomware fraud fodder for online criminals, and many of them aren’t as fortunate as Duke.

Based on the escalating number of major ransomware attacks reported by the media last year, we could easily get the impression that this scheme is a relatively new phenomenon. But the first variant of ransomware, PC Cyborg, which evolved in 1998 from scareware fraud, is increasingly showing up as numerous variants.

Although losses from ransomware were relatively minor in its earlier years, they’ve grown significantly from about $24 million in 2015 to $1 billion in 2016, according to Danny Palmer in his Sept. 8, 2016, ZDNet article.

And back in May 2017, Jonathan Berr of CBS’s Moneywatch said that losses from the “WannaCry” ransomware alone (described below) could reach $4 billion in 2017.

In both ransomware and scareware fraud schemes, fraudsters follow the same script by using extortion tactics to panic victims and trick them into unloading their cash and divulging their personally identifiable information (PII). We can consider ransomware to be a “new and improved” version of scareware fraud.

 


For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.