Instances of ransomware increase 30 per cent
Authors target personal computers
Malicious code designed to hold personal information to ransom has increased 30 per cent in the second quarter of the year, according to PandaLabs.
This technique, known as ransomware, uses malicious programs to prevent users from accessing their own documents. When they try to open certain files, users see a message telling them their information has been ‘kidnapped’ and demanding a ransom in order to release it.
One such example is Ransom.A, first detected on April 28. Once it has infected a computer, Ransom.A threatens to delete a random file every 30 minutes until the victim pays the sum of $10.99 (£6). The ransom in this case is relatively low - in some cases victims are asked for up to $300 (£157) - but the speed with which the damage is inflicted is aimed at encouraging users to pay as soon as possible.
To avoid being traced, the blackmailer asks for the money to be paid via Western Union. Once payment has been received, users receive the code with which they can disable the Trojan and recover the files.
Arhiveus.A, which first appeared in May, also belongs to this category of threat. Its payload is typical of this type of malware: it encrypts the content of the ‘My Documents’ folder and then deletes the original files. So far, nothing new.
However, what is surprising is what Arhiveus.A demands in order to release the hijacked files. After a series of typical messages ('You can not guess the password for your archived files', 'password length is more than 30 symbols', 'Reporting to police about a case will not help you'), the following message comes as something of a surprise. 'WE DON'T WANT YOUR MONEY! We just want to do business with you.'
In fact, Arhiveus.A gives precise instructions to users so they can recover their files. What they have to do is buy products from an online drugstore.
Finally, the infamous PGPCoder family of Trojans has undergone a radical transformation, now using RSA asymmetric key encryption. As new variants of this family have appeared, the key has become longer (some variants have been detected with 330- and 660-bit keys), making it increasingly difficult to decrypt kidnapped files.