15:36 7 March 2017
FEATURE: Japan becoming prime target of "ransomware" crime
By Ichiro Kitamoto
TOKYO, March 7, Kyodo
Computers of Japanese companies and individuals are becoming the prime target of an attack using "ransomware" -- programs that bar victims from accessing their business files or family photos unless they pay money to do so.
"Attacks on Japanese businesses have been particularly large in number," said Masakatsu Morii, professor of information and telecommunications engineering at Kobe University's Graduate School of Engineering.
"The attackers may have come to know that Japanese would pay money," he said.
A computer gets infected with ransomware typically when its user opens a file attached to a spam email from a sender pretending to be a company, often a parcel delivery company, according to the government-affiliated Information-Technology Promotion Agency.
Such malicious programs encrypt files on the infected computers. Victims cannot open their files unless they obtain the key to decrypt them, which the criminals offer in exchange for money.
Yoshihito Kurotani, a researcher at the agency's engineering department, said basic encryption technologies are used in the programs.
The agency has received many inquiries asking for help from victims who say "I cannot see my photos" or "My files were encrypted and I cannot do business."
Those bogus emails "used to be written in English or unnatural Japanese, but we have seen increasing attacks using natural Japanese recently," Kurotani said. "Japan has evidently been a target."
Computer security firm Trend Micro Inc. said it received reports of 2,810 cases in Japan of ransomware attacks in 2016, marking a 3.5-fold jump from the previous year.
"Tactics are expected to be even more sophisticated in 2017," a Trend Micro official said.
The company's survey conducted last June shows that about 60 percent of companies attacked paid ransoms. The payment in one case exceeded 10 million yen ($88,000).
Not only the blackmail but also trade in the programs themselves has become a profitable business among cyber criminals. The programs are traded in online black markets that cannot be accessed without the use of special software.
In the so-called "dark web" networks, various programs are sold, including multilingual ones and one that can be used for a "lifetime" for $39. The people who post the programs profit by taking a share of the ransom payments.
Personal data are also sold on the dark web. Firms that deliver unsolicited emails do business there, too.
Katsuyuki Okamoto, a security evangelist at Trend Micro, said it has become easier and easier for a person to be part of a cybercrime.
Cyber security experts warn that users should protect their computers by always keeping operating systems and antimalware software up to date and should constantly back up their data.
They said victims should never pay a ransom and that there is no guarantee that their files would actually be restored.
"If you pay money to the criminals, that will only help them create a new virus," Okamoto said. "So you should never pay them money."