Russian SMS Ransomware Earned Fraudsters $30,000 in Five Weeks

Security researchers found that a piece of ransomware which forces users to send an SMS to a premium rate number in order to unlock their computers, have earned $30,000 from an estimated 2,500 victims over the last five weeks.

The ransomware model is considered to be the next step in the evolution of scareware, but while scareware programs try to scare users into paying up money, ransomware applications force it out of them.

They achieve this by locking down critical system functionality and asking for money in order to restore it.

Since in most cases the computer can no longer be used to make payments over the Internet, the most convenient method of cashing in the extortion money is via premium SMS messages.

There have been several versions of SMS ransomware programs spotted in the wild until now, mostly targeting Russian users, but no one had a clear idea of how successful they are.

However, security researchers from Trend Micro recently managed to obtain access to a control panel which displays insightful statistics about a recent operation.

For example, in December alone, this piece of ransomware, detected by Trend as WORM_RIXBOT.A, was downloaded over 137,000 times from a single adult website.

The malicious program prevents users from accessing their desktops and asks them to send a text message costing 360 Russian rubles (around US$12) to a short number in order to receieve an unlock code.

The control panel tracked income generated by over sixty different phone numbers and the total sum was 901,245 Russian rubles (US$29,435).

"With a payment of approximately US$12 per transaction, this indicates that 2,500 people paid the ransom. Users are thus advised to be more wary about their online activities," the Trend Micro researchers write.