- Cape businessman known for starting NARS dies at 49 (2/23/17)9
- Man shot by police ID'd; witness shares his side of story (2/17/17)31
- MSHP: McLendon shot in side; autopsy refutes witness account (2/19/17)23
- Apparent punch at girls basketball game propels lawmaker into action (2/21/17)4
- Business notebook: Owners ready to roll out the Barrel 131 (2/20/17)6
- Missouri bill would limit transgender school bathroom access (2/22/17)48
- Annual father-daughter dance provides some fun bonding time (2/19/17)1
- SoutheastHEALTH, Washington University School of Medicine announce collaboration (2/24/17)18
- City issues precautionary boil order near Arena Park (2/23/17)
- $22M bond issue would alter Jackson schools (2/22/17)12
New infection holds computer files hostage
WASHINGTON -- The latest threat to computer users doesn't destroy data or steal passwords -- it locks up a person's electronic documents, effectively holding them hostage, and demands $200 over the Internet to get them back.
Security researchers at San Diego-based Websense Inc. uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets.
A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the keys to unlock the files.
"This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination," said Oliver Friedrichs, a security manager for Symantec Corp. The company said Tuesday the problem was serious but not deemed a high-level threat because there were no indications it was widespread.
Leading security firms this week were updating protective software for companies and consumers to guard against this type of attack, which experts dubbed "ransom-ware."
Joe Stewart, a researcher at Chicago-based Lurhq Corp., managed to unlock the infected files without paying the $200, but he worries that improved versions might be more difficult to overcome.
Internet attacks commonly become more effective as they evolve over time and hackers learn to avoid the mistakes of earlier infections.
"You would have to pay the guy, or law enforcement would have to get his key to unencrypt the files," Stewart said.
The latest danger adds to the risks facing beleaguered Internet users, who must increasingly deal with categories of threats that include spyware, viruses, worms, phishing e-mail fraud and denial of service attacks.
In the recent case, computer users could be infected by viewing a vandalized Web site with vulnerable Internet browser software. The infection locked up at least 15 types of data files and left behind a note with instructions to send e-mail to a particular address to purchase unlocking keys. In an e-mail reply, the hacker demanded $200 be wired to an Internet banking account. "I send programm to your email," the hacker wrote.
There was no reply to e-mails sent to that address Monday by The Associated Press.
Ed Stroz, a former FBI agent who now investigates computer crimes for corporations, said the relatively cheap ransom demand -- only $200 -- probably was deliberately low to encourage victims to pay rather than call police and to discourage law enforcement from assigning these cases a high priority.
"That's a very powerful threat," Stroz said. "If somebody encrypted your files, you need this stuff now to do your work."
FBI spokesman Paul Bresson said more familiar Internet extortion schemes involve hackers demanding tens of thousands of dollars and threatening to attack commercial Web sites, interfering with sales or stealing customer data.
Experts said the Web site where the infection originally spread had already been shut down. They also said the hacker's demand for payment might be his weakness, since bank transactions can be traced easily.
"The problem is getting away with it -- you've got to send the money somewhere," Stewart said. "If it involves some sort of monetary transaction, it's far easier to trace than an e-mail account."
On the Net:
Details of attack: www.websensesecuritylabs.com/alerts/aler...
Websense Inc.: www.websense.com
Lurhq Corp.: www.lurhq.com
Symantec Corp.: www.symantec.com