Saturday, January 19, 2008

Dangerous New Ransomware Infection Hits the Internet

A brand new version of ransomware has made its way to the Internet. This new spyware infiltrates your computer and encrypts your files. After encrypting those files, the ransomware asks you to pay up to $300 to receive the decryption code and recover your data. This new malware infects your computer through Internet downloads of questionable programs and utilities. The name commonly given to this Trojan is ‘”.

This dangerous Trojan can raise the user rights on your computer to a higher level, so that it can change files and the Windows registry. The Trojan also inserts itself into one of your legitimate Windows processes to remain in your computer’s memory and avoid detection.

Below is an example of an email message you will receive from this ransomware once your files have been encrypted:

Example ransomware email text:

You will need at least a few years to decrypt these files without our software. All your private information for the last 3 months was collected and sent to us. To decrypt your files you need to buy our software. This price is $300. To buy our software please contact us at ____________and provide us your personal code_____________. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.

Besides encrypting data and demanding money, this malware also includes backdoor and keylogging features designed to steal confidential bank account and credit card details. To protect yourself from this malware, it is very important to have an updated antivirus/antispyware program like StopSign Internet Security. Also, make sure you back up your data on a regular basis.

Ransomware is not a new tactic. Previous virus strains, such as the PGPCoder family, used the same tactic. Ransom-A threatened to delete a file every 30 minutes unless prospective victims paid $10.99 to stop the process. Another type of malware, Arhivieus A, attempted to coax users into purchasing pills from an online drug store rather than asking directly for money.

A recent analysis from the security research firm Secure Science Corporation (SSC) has outlined a large number of similarities between the new GpCode and another version of ransomware that appeared in 2006. Of the 168 functions identified in GpCode, 63 were identical to this 2006 version. The SSC has also found evidence of GPCode’s effectiveness. “In the 8 months since November, we’ve recovered stolen data from 51 unique drop sites. The 14.5 million records found within these files came from over 152,000 unique victims,” says the report.

Some of the main targets of this recent ransomware attack have been computers belonging to the U.S. government, contractors and companies in the transportation industry. Some spyware experts believe that the extortion threat involved in this outbreak of ransomware is actually a clever trick to conceal the hacker’s true motivation, which could be purely data gathering. It is troubling to government officials that many of the infected PCs are related to the transportation sector, because of the possibility of terrorist attacks.

Ransomware is a dangerous Internet threat which will likely reappear in many forms in the upcoming years. Remember to get a comprehensive antivirus program, keep it updated regularly and back up your data often. These are important steps to take in the battle against any new spyware.

Jason Dick is an Internet Security Specialist. Mr. Dick is a Tier-3 certified antivirus technician with extensive experience creating customized antivirus solutions for new and resistant spyware and virus infections. In addition, he has spent several years consulting with the average home computer user, helping them get the most from their Internet Security Software. He is currently writing a number of articles regarding responsible computer use, internet security, spyware and virus trends and other pertinent technology news to share his knowledge and expertise. To read more of Jason's articles visit:
