Thursday, 20 December 2012

The FBI holding computers for ransom?

Hackers have started to exploit the FBI’s name to take computers for ransom. It's part of latest scam in the US to come out of the creative hacker’s pot of tricks and is just in time for the festive season.

FBI RansomwareThe owners of the computers that have been targeted are greeted with a pop-up message pretending to be from the Federal Bureau of Investigation.

The message states that their computer has been locked by the FBI and that they must click to pay a fee in order to release it.

The hack is known as a ‘ransomware trap’ and is effective at what it does; holding your computer hostage until you pay the amount stated... and it works. People are believing that it really is the FBI. And the logo is just one of the many being used by criminals.

The computer security company Symantec released a report last month which claimed that 2.9% of the computers infected, have the owners cough up the money. Meaning that this one scam is worth about £3 million a year!

Ransomware is the second most popular type of malware being installed by criminals using popular exploit kits, which are designed to infect computers. But this is not just confined to the US. In the UK there have been reports of hackers using the Metropolitan Police logo to trick victims into paying £100 electronically to free their computer.

The ransomware application Reventon is the most well-known kit. It’s a Trojan programme that pops up warning messages using a respected logo depending on the country the vistim is in.

Elad Sharf, lead senior security researcher at Websense stated: “Ransomware is an increasingly common type of malware that attempts to extort money from a computer user by infecting and taking control of the victim’s machine, taking the files or documents stored on it hostage’.

He added that ransomware Trojans make it into a computer through malicious email attachments, clicking a suspicious link in an email or even on a social networking site; just like we saw on Tumblr a few weeks ago (Tumblr Hacked by GNAA).

If you or someone you know falls victim to this attack, do not pay the fine. Often times the hackers do not live up to their word of freeing your computer. And even if they do, they’ll often leave malicious software behind which gives them access to any documents or information you might have in that particular computer. There are several ways of removing the malware. You can visit an IT security professional to unlock it for you or you could even do it yourself, just watch the below how to video:



Mr Sharf also stated something you should keep in mind: “Remember also that the legitimate sources in Britain won’t use these tactics to tell you of a local compromise and then demand a financial reward to remediate the issue”.

Find out your seven deadly sins, how hackers exploit them and how you can avoid falling victim to their scams: Hackers & how they exploit 'the seven deadly sins'.

To learn to how to protect yourself and/or your company, why not take the world renowned CISSP course and gain your certification. The Certified Information Systems Security Professional (CISSP) is offered by (ISC)2. CISSP professionals are in very strong demand; it’s one of the key certs employers look for to fill management-level information security positions. To find out more click here.

For more information about security courses, and to find the right one for you, follow this link: http://www.firebrandtraining.co.uk/courses/security. You can also find information about the top 5 IT security certifications here: http://www.crisp360.com/news/top-5-it-security-certifications



About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, IT training, , IT certification trends, project management, certification, careers advice and the IT industry itself. Sarah has 11 years of experience in the IT industry.