Pittsburgh Tech Guy

Cyber extortionists shilling "ransomware" have upped the ante by pushing users' panic buttons with claims that their malware will wipe hard drives, a security firm said Monday.

The claim is bogus, said Symantec, and is simply a ploy by scammers preying on people's fears.

"This is an attempt to extort money from computer users by taking advantage of human weakness when under panic and pressure," wrote Symantec researcher Jeet Morparia in a Dec. 24 blog post.

Ransomware is a long-standing label for malware that, once on a personal computer, cripples the machine or encrypts its files, then displays a ransom note that demands payment to restore control to the owner. The technique, flatly called "an extortion racket" by Symantec last month, has been in use for at least six years. Until relatively recently, it was rare and ineffective and seen mostly in Eastern Europe.

The new ransomware variant, which Symantec identified as "Trojan.Ransomlock.G" but is called "Reveton" by other antivirus vendors, claims that any move to circumvent the lockdown will trigger disaster.

"An attempt to unlock the computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted," the on-screen message reads.

Not true, said Morparia, who added that Symantec's analysis found no disk wiping capability in the malware's code. More importantly, Symantec was able to remove Ransomlock.G and unlock the machine without any formatting taking place or files deleted.

The new version also featured other changes, Morparia said, including a $100 price hike, from $200 to $300, to "unlock" the PC, and a fake deadline of 48 hours shown by an on-screen countdown timer.