It would be risky to generalise from one specific example in IT security, but the case of fake ransomware is intriguing.
Ransomware as you may recall is malware that makes its way into your system and holds your data to ransom by encrypting it with a key that you do not have.
Your data doesn’t go anywhere. It sits in your system, but you can’t use it anymore – or at least not until you pay off the blackmailers or find another solution.
Now, hackers have gone a step further with a fake version that relies purely on panicking you into paying up.
Fake ransomware relies on the ability of almost every internet browser to display pop-up messages.
The messages may say for example that you have been caught looking at something illegal on the net and that a fine must be paid.
To add an extra dose of realism to the threat, the hackers will also prevent you from clicking to close your browser, leaving the message about illegality and the fine on your screen.
However, if the threat is a fake, then a browser shutdown with for instance ALT + F4 (hold the alt key down, then press function key F4) on a Windows system will often put the situation right.
Fake threats like this will likely work better when used on people who are less knowledgeable about IT – or who have a really guilty conscience about what they have just been viewing on the net.
Dangers then include paying money out for no useful purpose, and clicking on a link that then sets a real ransomware infection in motion.
Fake threats also require much less time and effort to set up, as they ride in the slipstream of the real version of the threat and reports about any damage it has done.
So, whether the fake threat is plausible or not, expect to see an increasing number of fakes following the real IT security threats.