30 Aug 2006
Malicious code designed to hold personal information to ransom has increased 30 per cent in the second quarter of the year, according to PandaLabs.
This technique, known as ransomware, uses malicious programs to prevent users from accessing their own documents. When they try to open certain files, users will see a message telling them their information has been ‘kidnapped’ and demanding a ransom in order to release it.
One such example is Ransom.A, first detected on April 28. Once it has infected a computer, Ransom.A threatens to delete a random file every 30 minutes, until the victim pays the sum of $10.99 (£6). The ransom in this case is relatively low - in some cases victims are asked for up to $300 (£157) - but the speed with which the damage is inflicted is aimed at encouraging users to pay as soon as possible.
To avoid being traced, the blackmailer asks for the money to be paid via Western Union. Once payment has been received, users receive the code with which they can disable the Trojan and recover the files.
Arhiveus.A, which first appeared in May, also belongs to this category of threat. Its payload is typical of this type of malware: it encrypts the content of the ‘My Documents’ folder and then deletes the original files. Up to here, nothing new.
However, what is surprising is what Arhiveus.A demands in order to release the hijacked files. After a series of typical messages ('You can not guess the password for your archived files', 'password length is more than 30 symbols', 'Reporting to police about a case will not help you'), the following message comes as something of a surprise. 'WE DON'T WANT YOUR MONEY! We just want to do business with you.'
In fact, Arhiveus.A gives precise instructions to users so they can recover their files. What they have to do is buy products from an online drugstore.
Finally, the infamous PGPCoder family of Trojans has undergone a radical transformation, now using RSA asymmetric key encryption. However, as new variants of this family have appeared, the key has become longer (some variants have been detected with 330 and 660-bit keys), making it increasingly difficult to decrypt kidnapped files.
What do you think? Email us at feedback@computing.co.uk