Ransomware Could Be Taking Advantage of Your Browser History

Imagine clicking on a website and suddenly finding your computer is locked. On the screen, you see a notice claiming to be from the FBI’s Internet Crime Complaint Center. The complaint accuses you of an online offense, and you are instructed to send a payment immediately. If you don’t, according to the information on your screen, you risk arrest.

Unfortunately, this imaginary scenario is all too real. In November 2012, the real Internet Crime Complaint Center (IC3) released information blaming attacks like these on a piece of ransomware called Reveton. Authorities continue to uncover information about this malware that helps them better understand these attacks. In the meantime, keep your antivirus software updated and take precautions to defend your computer.

How Ransomware Works

Almost always, ransomware freezes a computer by disabling important files or encrypting data. You visit a compromised website and the malware hitches a ride onto your computer via a “drive-by download.” An on-screen message pops up claiming you have committed a crime. To unfreeze the computer, the message demands you pay a fine to a law enforcement agency.

Ransomware can also use information from your browser history to create a more authentic-looking onscreen message. A piece of ransomware called Kovter places your IP address, its host name and the name of a website you have visited on a fake onscreen notice claiming to be from the U.S. Department of Justice. Other forms of ransomware can hijack your webcam and take a photo that is incorporated into the fake message.

How to Respond if Your Computer Is Infected

Ideally, you want to prevent these problems by downloading and installing a high-quality security package. Set your machine to conduct automatic updates so you always have the latest protection.

The bad news is that once a remote hacker has jumbled your data, breaking the encryption key is difficult for the average user. Therefore, you should take these steps to protect your machine, your data and your wallet:

  1. Back up your data. How many times have you heard the suggestion you should back up your data? Restoring information from a backup is usually your only alternative if ransomware encrypts your data. Take the time to complete this vitally important but often overlooked safety step.
  2. Know something about the alleged sender. The FBI never sends unsolicited email and never asks people for money. Also, if the fake message accuses you of downloading pornography, know that the Department of Justice usually doesn’t deal with pornography unless it contains images of minors.
  3. Don’t pay the blackmailers. Never, ever send money to the address given by the message. The FBI doesn’t collect money anyway, but they wouldn’t use wire transfer or MoneyPak if they did.
  4. Contact the authorities. You may be embarrassed, but admitting it to police is better than losing money. As long as you haven’t downloaded any indecent material containing children, you’re probably in the clear. File a report with IC3 or contact your local authorities.
  5. Have a professional wipe your machine. You may be able to get your system up and running, but the malware may still be in the background collecting your account numbers, passwords and other sensitive information. Take your computer to a professional and have them remove the malware.
  6. Avoid shady websites. No security software is perfect, so steer clear of websites notorious for passing on malware. Although any website can be compromised, statistics show 48 percent of all drive-by malware comes from sites featuring adult content.

Ransomware is tedious for users of infected machines, but it’s a moneymaker for malware producers, so it’s not going anywhere soon. Take precautions, and make sure your money stays safe and sound in your bank account. Also, lose the good intentions and back up your data.


About the Author: Grace Huntington is a journalist who specializes in IT-related issues. She holds joint degrees in writing and cyber security.

