Cyber criminals charge users to return stolen data

Kaspersky finds new ransomware as cyber criminals become ever more brazen

Cyber criminals are using malware to encrypt data on users' hard drives, and threatening to permanently delete it all if users don't pay a ransom of $125 (£78).

This new variant of well-known malware GPCode demands that the sum be paid in the form of Ukash pre-paid vouchers, according to security experts Kaspersky Lab who discovered the variant.

"It seems the criminals are moving away from conventional money transfers and now prefer pre-paid vouchers instead," said Nicolas Brulez, senior malware researcher with Kaspersky's global research and analysis team.

The malware installs itself on victims' hard drives when they visit an infected web site. It then starts encrypting data without the user's knowledge. The computer then displays the following message:

"All your personal files have been encrypted by a very strong cypher. There is no possibility to decrypt these files without a special decrypt program. Nobody can help you, even don't try to find another method or tell anybody."

It adds that help will be provided for $125, then warns: "Any harmful or bad words to our side will be a reason for ignoring your message and nothing will be done."

Kaspersky has been so far unable to crack the encryption code.

"The encrypted files cannot be recovered because of the strong encryption algorithm employed," it stated.