Ransomware Attack Resurfaces to Hold Files Hostage

November 30, 2010 – 9:02 PM

Malware is all about money. Spyware stealthily captures keystrokes and sensitive data to compromise accounts. Phishing attacks lure users into unwittingly surrendering account credentials and other crucial information. Ransomware uses a much less subtle tactic of demanding the money directly in exchange for the safe return of your own data.

The ransomware attack uses a Trojan to encrypt your data, then notifies you that you must pay a ransom if you want the hostage data returned to you. A SecureList blog post explains, “this type of malware is very dangerous because the chances of getting your data back are very low. It is almost the same as permanent removal of the data from your hard drive.”

The latest ransomware attack seems to be a variant of the GpCode Trojan that has made seemingly annual reappearances to extort money for the past few years. A compromised system will show a Notepad pop-up, or change the desktop background to display a message that reads “Attention!!! All your personal files were encrypted with a strong algorithm RSA-1024 and you can’t get an access to them without making of what we need!” This grammatical nightmare is followed by more broken English instructions directing you to read a text file explaining that a ransom of $120 is required to get the decryption key.


You must be logged in to post a comment.