Ransomware isn't a new threat, but it is a growing one. According to new research released from Symantec, ransomware has become increasingly effective over the course of the last year and is set to become a major security trend to watch in 2013.

Symantec's research found that nearly 3 percent of all those who are attacked by ransomware end up paying the attackers. Hackers command ransoms of up to $460 per machine.

In a ransomware attack, a user's PC is infected with malicious code that lock ups the machine and its data. The user is then presented with a ransom note, demanding money be paid to retrieve and restore the data.


Kevin Haley, director, Symantec Security Response, told eSecurity Planet that while ransomware has been around since 2009, in the past it didn't work as well. Previously it was relatively easy to un-encrypt the ransomed data. As well, payment mechanisms used to be more problematic for attackers, as they could easily be blocked.

New and Naughty

Ransomware has evolved and attackers have solved those issues. The ransom messages themselves also have improved, tricking users into thinking their desktops have been locked by legitimate law enforcement agencies. Over the past 18 months, Symantec has identified at least 16 different ransomware variants.

According to Symantec's investigation, one ransomware operation was able to infect 68,000 machines in one month. The requested ransom was $200, with a 2.9 percent success rate. All told, the attacker could have pocketed $394,400 in one month alone.

From an infection perspective, Haley noted that pornographic websites have often been the carriers of the malware that leads to ransomware exploitation. Attacks can be resident in iFrame-based attacks and in advertising networks. The attackers then rely on attempting to embarrass the user to pay up.

Ransomware is now expanding beyond porn sites and is accelerating deployment in spam distribution networks.

Detecting Ransomware

While ransomware is a growing threat, Haley said Symantec does a good job of blocking malware with its security technologies. He admitted, however, that it is possible for some attacks to get through. Symantec maintains a long list of anti-virus definitions to help detect ransomware attacks and updates it daily for customers.

"Standard best practices would apply in general to prevent ransomware infections," Haley said. "But if you do get infected, there are also tools to get it off safely."

Ransomware victims should never pay to retrieve their data, Haley warned. "Once they get your money, they don't care and they still won't give you back your data."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network. Follow him on Twitter @TechJournalist.