July 25

When Ransomware Helps Law Enforcement (aka When Criminals are Morons)

Many types of malware exist to infect computers for one purpose or another. Viruses, worms, Trojans, key loggers, adware, and spyware are a few examples. One of the growing categories of malicious code is ransomware. In a typical scenario, the user will download something that seems safe, but it isn’t. The malicious code will install on the computer, and take hold of the user’s interface. In most cases, when a computer is first booted up, the ransomware will display a screen demanding payment before allowing access to the computer, i.e. holding the computer for “ransom.”

Many ransomware attacks also contain scare tactics. Several even present a screen with the FBI logo saying that child pornography has been found on the system, and you must pay or face jail time. It’s bogus, and intended to fool people into thinking inappropriate material was accidentally downloaded, and that they need to pay to get into the system and delete it.

Here’s an example:

[Image: FBI Department of Justice virus]

First, the obvious advice: make sure you’re using up-to-date endpoint security software, and that your operating system and applications are patched.

Second, let me share with you a funny story that just happens to be real (I could make this up, but I don’t have to.)

When I was growing up, The Don & Mike Radio Show used to have a segment called “crooks are stupid” where they would explain a criminal doing something incredibly dumb to get caught. This story would have made that segment.

From the local county police Daily Incident Report for the day:

“Indecent Liberties | Possession of Child Pornography – On July 1st, detectives from the Special Victims Bureau began an investigation into a child pornography case. The investigation revealed that the accused came into the Garfield District Station in Woodbridge to inquire if he had any warrants on file for child pornography. The accused allegedly received a “FBI Warning” message on his computer while viewing child pornography at his residence. The message instructed the accused to pay a fine or be subject to a criminal investigation. The accused voluntarily brought his computer to the station and, following a search, several inappropriate messages and photos of underage girls were recovered. Detectives were able to identify one of the girls as a 13 year old from Minnesota. A search warrant was obtained and executed at the home of the accused. As a result, computers and other electronic devices were seized. Following the investigation, the accused was subsequently arrested on July 23rd. The FBI message that the accused had originally received was determined to be a virus and not a legitimate message. The investigation continues.”

Translation? This gentleman’s computer was infected with ransomware. He drove to the local police substation, where he provided them the computer which actually did contain child pornography. In an odd twist of fate, the malicious code he downloaded fooled him into getting arrested. At least there’s one less moron trolling the Internet.

If you are, like many, confused about what the bad guys are doing to get onto your system, and what they’re doing once they’re on, get educated. Security companies offer regularly scheduled publications on the latest, like Symantec’s Internet Security Threat Report, Sophos’ Security Threat Report, or Sourcefire’s VRT Blog.

If protecting your children online is a major concern, check out the Internet Safety 101 training from Enough is Enough. Their program is designed to educate and empower parents and teachers on the tricks and tactics used by the people trying to harm or exploit children.

Today, we share a laugh over one more criminal behind bars, but let’s not forget there are more out there every day. Do your best to keep your systems and information secure, and your children safe and aware of who and what is out there on the World Wide Web.

-nK


Tags

#infosec, Cisco, cybersecurity, Internet Safety, ransomware, Security, Sourcefire

