The Cyber Pirates
Could anybody imagine ten years ago that kidnapping would get digital? asks Puneet Mehrotra.
Updated: Jun 02, 2006 15:01 IST
Ransom gets digital
In this era of digitisation, everything that was once real is getting digital. Could anybody imagine ten years ago that kidnapping would get digital? Well, it is digital now. Consider the following incident.
A woman from Greater Manchester has become a victim of an internet scam in which hackers hijacked her computer files and blackmailed her. Helen Barrow, a 40-year-old nurse from Rochdale, is believed to be one of the first victims. Criminals encrypt files with complex passwords, leaving a ransom note telling victims not to contact police. A note said that she would have to buy drugs from an online pharmacy to find out the password.
Digital evolution of viruses from malware to ransomware
The digital evolution also simultaneously witnessed the evolution of viruses. Every advance in the digital world has been followed by growth in computer viruses and other forms of malicious code. While some have been non-threatening, innocuous little viruses showcasing the developer's creativity, others have been used to threaten information and systems, and even for netspionage. This is perhaps the first time malicious code is being used for ransom: pay up or see your data go. This new phenomenon is being termed ransomware.
Some of the earlier viruses can broadly be categorized into:
Archiveus - the ransomware
The ransomware, dubbed Archiveus, has been around for about a month. Archiveus copies all of the files in the victim's "My Documents" folder to a new folder and then scrambles them with an encryption program protected by a 30-character password. The original documents are then deleted.
A ransom note text file that accompanies Archiveus says victims can obtain a password to decrypt the file folder if they purchase anything from one of several online Russian pharmacies. It attempts to force the victim into buying pharmaceuticals from a Russian website for $75 or more a bottle, depending on the drug. Presumably, the trojan author is an affiliate of the "Pharma Shop" website, and will get a cut for each sale that originates with his/her affiliate ID.
Because Pharma Shop is presumably already operating outside US jurisdiction and is apparently also involved in spam and in dispensing controlled substances without a prescription, the owner of the website is unlikely to cooperate with efforts to identify the affiliate spreading the trojan.
Even worse, the trojan author suggests that the victim can even make money off of the scheme, by reselling the drugs, in effect coercing them to become an international prescription drug trafficker.
The Helen Barrow story
In Helen Barrow's case the hackers had seized and encrypted very important files for her nursing degree studies and they demanded the purchase of items from a Russian pharmacy before they would release a password which would enable her to retrieve her work.
Andy Sharples, an IT professional from Littleborough, got the ransomware off Helen's computer by reverse engineering the virus and tracing the 30-character password needed to decrypt the files.
An international body - the step forward
The Helen Barrow story fortunately had a happy ending. But the threat of ransomware is real, and much deadlier than the threat of earlier viruses. As business gets digital, so does the reliance on data. Entire organizations, perhaps even nations, can be held to ransom. The Helen Barrow case and Archiveus are a simple case in the evolution of a virus that could have grave repercussions in its more complex avatars. The solution to ransomware isn't about profiting a single antivirus company or a single organization. The solution has to be much greater, like an international body that is empowered to monitor and take punitive action against its perpetrators.
First Published: May 25, 2006 16:13 IST