Kaspersky discovers new 'ransomware' cyber attack

By Stuart Sumner
30 Nov 2010

Cyber security firm Kaspersky Lab has discovered a new type of ransomware that uses 1024-bit encryption, which makes it extremely hard to crack.

The malware is very similar to the Gpcode trojan, which was first detected in 2004 and has appeared in new iterations every year since.

Writing on the company's Securelist blog, Kaspersky Lab expert 'VitalyK' explained that the danger of the malware lies in the low likelihood of being able to retrieve data once it has infected a machine. Previous variants used weaker encryption that some security firms were able to crack; however, this is unlikely to be possible with the latest version.

Infection is likely to come via the usual methods, such as an attachment in an email, or a malicious link that downloads an executable file.

Once a machine is infected, the user is likely to see a pop-up box warning that data files have been encrypted, and that the key can be bought from the hackers. Cyber criminals charged $120 (£77) in the example seen by Computing.

Kaspersky recommends switching your machine off immediately once infection is suspected, and contacting your security provider.

A second form of ransomware was also detected by the company this week. Also a trojan, although not of the Gpcode variety, this version reboots the user's PC to display a warning that the PC is blocked and will only be accessible with the correct password.

A less sophisticated form of attack, this malware overwrites the system's master boot record, demanding $100 (£64) to release it. However, Kaspersky was able to offer a solution to this attack in its blog.
