Washington – The latest threat to computer users doesn’t destroy data or steal passwords – it locks up a person’s electronic documents, effectively holding them hostage, and demands $200 over the Internet to get them back.
Security researchers at San Diego-based Websense Inc. uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets.
A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.
“This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination,” said Oliver Friedrichs, a security manager for Symantec Corp. The company said Tuesday that the problem was serious but not deemed a high-level threat because it wasn’t widespread.
The FBI said the scheme was unlike other Internet extortion crimes. Leading security and anti virus firms this week were updating protective software for companies and consumers to guard against this type of attack, which experts dubbed “ransom-ware.”
“This seems fully malicious,” said Joe Stewart, a researcher at Chicago-based Lurhq Corp. who studied the attack software.
Stewart managed to unlock the infected computer files without paying the ransom, but he worries that improved versions might be more difficult to overcome.
