Monday, June 06, 2005
New scams continue to beset the Internet. The emergence of a new rendition of ransomware demonstrates how criminals remain a step ahead of the public's awareness.
Ransomware steals data from computers. It then employs encryption, a technology typically, and ironically, used for the security of online activity, to keep victims from regaining their personal information until they pay a ransom.
What's maddening about ransomware is the way it steals personal information by using a technology that's also the backbone of Internet users' security. This is not an original ruse. The concept behind ransomware is nothing new, and many have attempted it. But the latest iteration is the first to utilize an automated program as the vessel.
A malicious site that the unsuspecting user visits exploits a vulnerability in Microsoft Internet Explorer to download code, a Trojan horse, onto the computer and run it. This downloader then connects to another Web site and downloads, renames, and runs an encoding application that performs a series of actions to steal the victim's personal information.
The problem with ransomware is not with the security response. Officials are familiar with this ploy, a favorite of savvy computer coders, and automation adds no significant hurdles for security response. Ransomware's victims, however, probably haven't heard of the scam, just as most people had not heard of phishing until recently. The problem is in the awareness—or lack thereof.
The consumer's learning curve will give ransomware perpetrators the time they need to do damage. Yet another scam threatens to dissuade people from participating in ecommerce. The computer, banking, and retail industries need to develop and implement a major initiative to educate current and potential customers on how to be safe and secure online.