Olongapo Telecom & Information Technology

Monday, June 27, 2005

‘Ransomware’ to bring online havoc, security experts warn

By Melvin G. Calimag, MB


A recent security summit organized by Microsoft Philippines brought into the local limelight — possibly for the first time — a new social engineering technique called "ransomware" which, according to security experts, may become more widespread if not addressed early.


Ransomware is a scam in which information is stolen from a computer user. The information is then encrypted, blocking the user's access to the data unless a ransom is paid.

"What makes it dangerous is the fact that it is beyond the reach of traditional computer security firms because a human element, which is the paying of ransom, is involved," said Viren Mantri, a strategic security services principal for Southeast Asia and India of McAfee.

Mantri related that a number of incidents involving ransomware have been recorded in the United Kingdom, where gaming sites were forced to pay up after they were hijacked so they could continue offering games to their subscribers.

So far, there have been no reported cases of ransomware in the Philippines. But it will be just a matter of time before it reaches local shores, he warned.

An AFP wire story said Symantec, a manufacturer of anti-virus programs, was able to track down a case in the US in which ransomware entered the computer via holes in the victim’s Web browser, scanned the hard drive, and encrypted any text-based documents it found.

The new threat erased the text files then displayed a ransom note demanding $200 to supply decryption software that will restore the data back to its original, readable form, the report added.

What is ironic in ransomware, according to IDTheftSecurity.com founder Robert Siciliano, is that it employs encryption — a technology originally meant for security of online activity.

"Ransomware’s victims… probably haven’t heard of the scam, just as most people had not heard of phishing until recently," Siciliano stated. "The problem is in the awareness — or lack thereof."

Ransomware and phishing — the practice of sending an e-mail to solicit private information by false representation — were just some of the social engineering techniques employed by scammers that were discussed during the forum, which was aimed at heightening awareness of security issues on the local front.

The summit, attended by IT security personnel from various local organizations, tackled how to recognize and combat social engineering — the preferred mode among scammers nowadays because victims are easily tricked into releasing private information.

"Social engineering is successful because it appeals to the individual, which oftentimes fuels his greed for things like money," said Jojo Ayson, head of platform security of Microsoft Philippines.

The Microsoft official said as a rule of thumb, one should not follow a certain instruction sent via the Internet unless it has been authenticated.

For Karl Verhuist, director for product marketing for Asia South of Computer Associates (CA), the best weapon against social engineering is education. CA also sells security solutions, including anti-virus and anti-spyware products.

"Seventy-five percent of computer users are not aware of these social engineering techniques. Educating the people and making them aware of the dangers that they bring is obviously an important tool that can be tapped," he said.
