Europol Ransomware Alert

Tuesday, 11 March, 2014

The European Cybercrime Centre at Europol has published its Threat Assessment on Police Ransomware - a class of computer malware that has seen exponential growth in the European Union (EU) over the last two years.

The result of a joint initiative between the European Cybercrime Centre (EC3) and the Dutch National High Tech Crime Unit (NHTCU), the report aims to increase awareness of ransomware, and also identify opportunities for international law enforcement intervention and operational coordination.

Police ransomware is a type of online fraud used by criminals to extort money through the deployment of malicious software, or malware. The malware disables the functionality of victims’ computers and displays a message demanding the payment of a ransom to regain access to their machines. The ransomware messages purport to be from law enforcement agencies, and accuse the victim of carrying out online activities such as illegal file-sharing, accessing child abuse material, or visiting terrorist websites. The criminals use real law enforcement agency logos to lend authority to their messages and coerce victims into paying ransoms to unlock their computers.

Although the exact number of victims of police ransomware in the EU is difficult to assess, it is estimated that millions of computers have been infected and tens of thousands of citizens have paid ransom demands. It is a multimillion euro business for the criminals involved.

These cybercriminal activities are facilitated by underground online forums that provide the ransomware source-code, infrastructure for distribution of the malware and money laundering services for ‘cashing out’ the illicit proceeds gained through online prepaid solutions and virtual currencies.

Ransomware ‘kits’ mean that attacks can be easily deployed and are no longer restricted to the technically savvy. New forms of ransomware are emerging - such as cryptolocker - which may have even more impact on individuals and businesses as they risk permanent loss of their data and files.

Cybercriminals will expand their pool of victims by addressing new markets, targeting different operating systems and devices. The distribution of ransomware actors and infrastructure across many legal jurisdictions complicates police investigations and therefore improved cooperation and information exchange between law enforcement authorities and private partners is essential in the fight against this cybercrime phenomenon.


Return to news menu