As the name suggests, "ransomware" is a malicious attempt to hold a computer — or rather, the data that resides on it – hostage.
Cybercriminals then demand an immediate payment for its release.
These scams are prevalent – and growing – in places like the U.S., Canada and Western Europe, says security experts Symantec. In fact, findings from new research conservatively estimates cybercriminals are extorting more than $5 million a year from victims of this threat.
Symantec’s recent blog post on the research, entitled Ransomware: How to Earn $33,000 Daily, has all the nitty gritty details of this growing threat.
How 'ransomware' works
In a nutshell, thieves try to extort money from you to unlock your PC, usually via credit card payment or some form of money transfer.
While you might think there’s a live person on the other end, ransomware is usually a Trojan virus written by a tech-savvy scam artist at an earlier time – but the threat is just as serious.
Ransomware can be spread in several different ways, be it spam that led to a phishing attack or via a so-called "drive-by download," where a browser's vulnerability is exploited should you visit specific malicious websites.
Even if a victim pays the ransom to un-freeze the computer, there’s no guarantee the thieves won’t do it again – after all, they’ve paid once already.
If you get this extortion message, never pay the criminals to release your computer — even though Symantec says up to 2.9 percent of victims do end up paying ransoms.
Instead, try to restore your computer to a prior state using "System Restore" (type System Restore in the search window). If this doesn’t work, restart your computer in "Safe Mode" (usually by pressing F8 when booting up) and then run Internet security software to remove the threat.
How to fight it
You can protect yourself from ransomware in a handful of ways:
* Always back-up your important files on a regular basis. You can use a USB thumbdrive, external hard drive, recordable disc or online (“cloud”) service.
* Use computer security software that protects your PC (and wallet) against viruses and spyware attacks, and be sure to update the definitions quite often -- if it's not set up to do this automatically (which is recommended).
* Delete suspicious emails from your bank, ISP, credit card company, and so on, instead of clicking on the link that takes you to a phony site asking you for personal information. Never click on attachments you're not expecting.
* Authors of ransomware also like to use pop-up windows that warn you of some kind of malware on your machine. Don't click on the window -- instead, close it with a keyboard command or by clicking on your taskbar.
Security predictions for 2013
On a related note, Symantec has also released its security predictions for this year:
• Conflicts between nations, organizations and individuals will predominately take place in the cyber world
• As users shift to mobile and cloud so will attackers, especially exploiting Secure Sockets Layer (SSL) Certificates used by mobile devices and applications
• Madware (mobile adware) continues to spike – particularly as companies seek to drive mobile ad revenue
• New security dangers & tricks for consumers on social networks
More on Symantec security predictions can be read via this PDF.