(CNN) -- Computer criminals have launched a new type of online attack that steals information, encrypts it, then demands a ransom from the computer owner to get the material

analysts believe the ransom demand will lead to the arrest of the crooks.

converts information into a code so that people cannot read it. A secret key or password is required to decrypt, or decode, the material.

experts said such a scheme has been around awhile, but in the past has usually been attempted by company insiders or the infamous "disgruntled former employee" with computer skills.

This is the first time that an automated program has been designed to attempt the crime, according to Mark Rasch, chief security counsel for Solutionary Inc.

very surprised if the FBI does not catch this guy," said Rasch, who spent a decade directing the U.S. Department of Justice computer crime unit.

a demand for payment means a victim must somehow interact with the "filenapper," increasing the possibility that some type of electronic "trail" will lead back to the culprit.

guy will have gone through many, many steps to conceal his identity, through pirated or hacked accounts," Rasch said.

But, he said, the e-mail is ultimately going to be associated with an IP (Internet protocol) address, and the criminal will have to have some way of collecting the ransom.

The type of attack, known as a Trojan, was first identified by the San Diego, California-based security company Websense Inc. two weeks ago.

had only one report from the field on this attack," said Dan Hubbard, senior director of security and technology research at Websense.

find a report of a similar attack that was posted from a person in Russian on a newsgroup. The person claimed they had been victimized early this year," he said.

number of victims may never be known, because many people may be so embarrassed that they just pay the thief and never report it to authorities.

estimated the number of people targeted is probably in the hundreds, compared to many viruses and worms that can impact millions of people.

PandaLabs, a computer security company based in Madrid, Spain, said the program can encrypt files such as Microsoft Word documents, HTML (web pages), JPGs (images) and XLS (Microsoft Excel spreadsheets), and from compression programs ZIP and

encryption is complete, the original information is removed and a text message asking for $200 in ransom

tactic is new and somewhat clever, Rasch says the same type of diligent personal and corporate security efforts used to combat other computer malware can go a long way to quash this threat.

It's the same short but critical list that computer security companies suggest with every Internet virus or worm: update anti-virus, anti-spam, and anti-spyware software on a regular basis.

Use a personal or corporate firewall. Don't download material from sites you are not certain about. Never click on an e-mail attachment you are not expecting, or from an

scam targets a security hole in Windows software, but a patch, or fix, for that vulnerability has been available for months.

It is usually possible to set up a computer so that security updates are downloaded and installed automatically.

what may be most important to remember in combating this threat is to back up critical material.

backing up does not mean putting another copy on your hard drive!" he said.

people are caught in a fire, what do they race to save? Photographs that are irreplaceable. And where are many people's photos these days? On their

backups should be made of all critical data, he said, and stored in a different place than with the