For Crying Out Loud….What Now???

Ransom-ware: we have read about it in the past and are appalled at the concept. It is similar to scareware, in which a crook tells you that your computer is infected and that buying their worthless software will fix it. Ransom-ware takes this one step further: some cyber-criminal downloads a Trojan Horse onto your computer and voila, your computer is held hostage. You can do nothing until a ransom, normally in the $79 range, is paid. However, now it seems that they have upped the ante even more.

With copyright infringement cases gaining more coverage in the news, these criminals are now using the names of the MPAA (Motion Picture Association of America), the RIAA (Recording Industry Association of America), and others to scam money from unsuspecting computer users. While you are innocently browsing the internet, a pop-up will appear on your computer telling you that an “Anti-piracy foundation scanner” has detected some copyright-infringing material on your computer. They will actually threaten you with court action. However, they do give you an option to settle to the tune of $399.85, for which they provide an itemized statement of the charges. Oh, and by the way, for your convenience they accept credit cards.

The scary thing is that you cannot get rid of this pop-up (which is actually a screen saver); even shutting down your computer and rebooting will result in the pop-up appearing again. And if you do shut down, another threatening message appears stating that by taking this action (shutting down) you are showing that you are not cooperating, and that they recommend canceling the shutdown and agreeing to their settlement proposal (of course they do). You are basically dead in the water at this point. All in all, this is very realistic looking, and an unsuspecting user is liable to fall for this scam.

Security companies are saying that the domain is operated out of the country of Moldova, a small landlocked nation near Ukraine. The ransom-ware is designed to adapt to the user’s computer: it will display messages in Czech, Danish, Dutch, English, French, German, Italian, Portuguese, Slovak and Spanish, based on the specific settings on the infected computer. Although any transaction made does not seem to be tied to an actual cash charge, the crooks are still able to collect pertinent credit card information, either to be sold or for use in future scams.

Security companies such as F-Secure have an online scanner that will remove this bug. You can get their online scanner by going HERE.

Knowing what to look for is the key to not getting trapped by one of these scams. Here is a list of some general things to do in order to protect yourself from scare-ware/ransom-ware attacks:

1) Make sure all of your software is up to date. Secunia’s Personal Software Inspector (PSI) does a good job of letting you know whether all your programs and plug-ins are up to date and secure. PSI is free for consumer use and can be found HERE.

2) Run with the lowest rights possible. That is, whenever you are not downloading anything and are just surfing the web, do not run with Administrator rights; run under a “Limited” account instead.

3) Run in a sandbox using Sandboxie. This will keep you protected should you accidentally click on a bad link or open a malicious web page or PDF, as nothing will be saved, and your computer will revert back to its original state when you leave the “Sandbox”.
Sandboxie can be found HERE.

4) Turn off JavaScript. I know that doing so will break most web pages, but the fact is that JavaScript is very vulnerable. Using a plug-in like “NoScript” is also a viable option. You will need to take the time to configure it so as not to break web pages. You can always turn JavaScript back on should it become unbearably aggravating. But again, JavaScript is simply not safe.

5) And as always, make sure all of your anti-malware and anti-spyware software is up to date and turned on.

Stay Safe Out There!!!
