Watch out — your data may be kidnapped

Rather than having data destroyed by a random hacker, the latest trend is for information to be held to ransom

Small and medium-sized companies are being advised to back up data if they want to avoid the risk of ransomware — the use of malicious code to hijack user files, encrypt them and then demand payment in exchange for the decryption key.

Security specialist Kaspersky Labs on Monday warned that the encryption algorithms used by cybercriminals are becoming increasingly complicated, foxing antivirus companies.

"There's a potential situation where antivirus companies won't be able to decrypt the files," said David Emm, senior technology consultant at Kaspersky UK. "Within a corporation, the IT department normally backs up files. The danger is where attacks are launched at smaller businesses [without IT departments] and individuals."

Trojan horse programs can be sent out as spam or hidden on malicious sites. Once a machine is infected, files are either encrypted individually or grouped together and locked in a password-encrypted folder.

Strong algorithms such as RSA public key encryption, one of the most popular technologies, are increasingly being used by criminals to foil the decryption techniques used by antivirus companies.

Since January, Kaspersky has seen an increase in the strength, from 56 to 660bit keys, of the encryption being used by hackers to lock files. "Virus writers' attitude to date is that encryption only needs to be strong enough. It's alarming that we're now getting onto the level of serious encryption," said Emm.

Kaspersky claims to have seen an increase in the amount of ransomware, but says it has not seen an epidemic."It seems to have been escalating, but it's just one weapon within their arsenal," said Emm.

Antivirus vendor Sophos said that businesses should not have a problem with ransomware, as their files will have been backed up.

"If your data is backed up, you can recover," said Graham Cluley, senior technology consultant for Sophos.

For Sophos, a bigger problem is "filenapping". Once a machine is infected, all files and information are copied and wiped from the original system. A victim must then pay a ransom to recoup their filenapped data.

Sophos said it was not seeing "a tidal wave of activity", but confirmed that encyption algorithms used are getting more sophisticated.

Last month Greater Manchester Police decided not to pursue the criminals who used a Trojan horse program called Archiveus to lock a Rochdale woman's files and demand a ransom to release them.