At the end of 2012, as the cybersecurity predictions started rolling in for the coming year, one issue kept showing up on virtually everyone’s list. What was that prediction? Ransomware is the next big cyberthreat.

What Is Ransomware?

As the name implies, “ransomware” is malware that prevents you from accessing data or information on your computer until you pay a ransom or a specified amount of money.

Just as sophisticated phishing emails appear to be from trusted financial institutions or other respected companies, ransomware can appear to be from legitimate sources such as legal authorities or even government officials. A demand is usually made for a fine to be paid for the “illegal activity” that was supposedly found originating from your computer. The illegal activity claim could be items like copying songs or duplicating videos and violating copyright laws.  

The two most common forms of ransomware either lock the screen with a full-screen image or Web page to prevent access to the computer, or encrypt files with a password to prevent access to data or information.

The other bad news for those infected with this malware is that paying the ransom does not always return your computer to normal, since users are not typically dealing with reputable actors.

For example, Skype users were targeted last year with a scary message that locked them out of their data, encrypted their files and demanded payment to the tune of $200. This ransomware displayed messages claiming the user was downloading MP3s, illegal pornography, gambling and more. And while the user was locked out of his or her computer, a script was running that was sending thousands of click fraud transmissions.

How Is Ransomware Spread?

Like other forms of malware, ransomware is typically installed on your computer when you click on a malicious link, open an infected email attachment or click on a bad social networking link. You can reduce the likelihood of an infection by using a firewall, updating security patches and ensuring that anti-virus and anti-malware software are working properly on your PC. 

If you think you have ransomware, it’s best to run a system scan with an updated security software solution from a reputable vendor, like Symantec, McAfee or Microsoft. Be advised that some ransomware won’t allow you to unlock the screen, so you may need to restart the computer with an offline disk. And while this may be obvious, you should not pay the ransom, or other complications will likely result.

One example to consider is the FBI MoneyPak Ransomware virus, a.k.a. “FBI virus.” This malware uses social engineering tactics to trick users into thinking that the FBI wants a fine to be paid for illegal computer activity. The ransomware claims, on the fake FBI Web page, that the computer owner may face jail time if the fine isn’t paid on time.

Botcrawl.com describes how to remove the FBI virus, but this is not an easy problem to resolve for most users. There are reports of the virus taking control of webcams. Others with this virus received phone calls from people who claimed to be from Microsoft or even the FBI. These calls are fraudulent, and users who are contacted by someone shouldn’t believe the claims made without proof of identity.

Tip: Technology leaders should train end users to verify all contacts from “authorities” by initiating contact themselves via trusted phone numbers or verified email addresses.

Why Is Ransomware Spreading?

How fast is ransomware growing? One reputable 2012 report claimed that ransomware extorts more than $5 million a year. Other sources say ransomware will surge in 2013 and beyond because it yields faster financial returns for malware makers than multistep money-making schemes, such as building botnets or harvesting credentials for identity theft or other online crimes.

Ransomware victims often pay hundreds of dollars to criminals, whereas other cybercrime activities usually pay much smaller amounts.

In conclusion, ransomware takes advantage of multiple forms of online criminal activity and packages them together to gain maximum impact as fast as possible. Ransomware is a scary evolution of online fraud — and you need to prepare to deal with it.

Dan Lohrmann  |  Contributing Writer

Daniel J. Lohrmann became Michigan's first chief security officer (CSO) and deputy director for cybersecurity and infrastructure protection in October 2011. Lohrmann is leading Michigan's development and implementation of a comprehensive security strategy for all of the state’s resources and infrastructure. His organization is providing Michigan with a single entity charged with the oversight of risk management and security issues associated with Michigan assets, property, systems and networks.

Lohrmann is a globally recognized author and blogger on technology and security topics. His keynote speeches have been heard at worldwide events, such as GovTech in South Africa, IDC Security Roadshow in Moscow, and the RSA Conference in San Francisco. He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine and “Public Official of the Year” by Governing magazine.