Ransomware: Next-Generation Fake Antivirus
A SophosLabs technical paper - February 2013
Ransomware is a type of malware which is widely classified as a Trojan. It restricts access to or damages the computer for the purpose of extorting money from the victim. It also has the capability to encrypt a user’s files, display different threat messages, and force the user to pay ransom via an online payment system. There are various types of ransomware, which we shall describe in detail in the latter part of this paper. This paper describes in detail our findings about the motivations, strategies and techniques utilized in creating and propagating ransomware.
2. Ransomware versus fake antivirus
Ransomware may often be compared to fake antivirus in the way it operates and the motivation behind it. However, what differentiates them is the way they manipulate human tendencies and fears; fake antivirus plays on the security fears and calls for the user to take actions in self-preservation, whereas ransomware works either as extortion or punishment. According to Google Trends, ransomware has certainly surpassed fake antivirus in terms of user queries on Google.
Fig. 1: Ransomware more popular search term than fake antivirus since late 2011
The graph above shows ransomware has been a more popular search term than fake antivirus since late 2011. This strongly suggests that malware authors find ransomware to be more profitable and convincing than fake antivirus. Another reason for ransomware’s success is the fact that the makers of the Blackhole exploit kit include ransomware in their distribution system.