Options
New variant of ransomware: Encrypts personal files
Nobylspoon
Member Posts: 620 ■■■□□□□□□□
in Off-Topic
New Variant of Destructive Ransomware Identified - Softpedia
Security researchers from Kaspersky Lab have identified a new variant of a destructive ransomware program that encrypts personal files with an uncrackable algorithm.
Ransomware applications block critical system functionality or lock access to important documents and ask for money to restore normal operations.
It's a form of online blackmail and is considered the next step in the evolution of scareware, programs that scare users into paying money by making false claims.
Many ransomware programs, especially those that block access to the system, can be cleaned safely from Safe Mode with the right tools.
However, those that encrypt personal files are more dangerous if the algorithm is not crackable and can lead to data loss.
This is the case of programs in the Gpcode ransomware family, which make use of the secure RSA public-key algorithm with an 1024-bit key.
Once installed, these applications start encrypting files with predefined extensions, including documents and images, and post a warning message on the desktop advising users to read an instructions file that tells them to send money if they want the special encryption key.
One of the changes in the new variant is that criminals have switched to ukash or psc pre-paid cards as payment method and have raised the ransom from $120 to $125.
There's little users can do to recover their files if they've been affected. However, Kaspersky's Nicolas Brulez does advise users to unplug their computers immediately when they see the warning message.
This is because encrypting files on a large hard drive takes time and if the process is stopped before it finishes, some data will remain intact. Booting the operating system back up is not an option because the encryption process will resume.
Instead, users should remove the hard drive and install it as slave in another computer where they can transfer the data, or they can boot from a Linux CD and copy the unaffected files to an external storage device.
In order to avoid such problems users are strongly advised to make regular backups of their most important files. This should be done on storage devices that are otherwise kept disconnected from the operating system or using online services.
Security researchers from Kaspersky Lab have identified a new variant of a destructive ransomware program that encrypts personal files with an uncrackable algorithm.
Ransomware applications block critical system functionality or lock access to important documents and ask for money to restore normal operations.
It's a form of online blackmail and is considered the next step in the evolution of scareware, programs that scare users into paying money by making false claims.
Many ransomware programs, especially those that block access to the system, can be cleaned safely from Safe Mode with the right tools.
However, those that encrypt personal files are more dangerous if the algorithm is not crackable and can lead to data loss.
This is the case of programs in the Gpcode ransomware family, which make use of the secure RSA public-key algorithm with an 1024-bit key.
Once installed, these applications start encrypting files with predefined extensions, including documents and images, and post a warning message on the desktop advising users to read an instructions file that tells them to send money if they want the special encryption key.
One of the changes in the new variant is that criminals have switched to ukash or psc pre-paid cards as payment method and have raised the ransom from $120 to $125.
There's little users can do to recover their files if they've been affected. However, Kaspersky's Nicolas Brulez does advise users to unplug their computers immediately when they see the warning message.
This is because encrypting files on a large hard drive takes time and if the process is stopped before it finishes, some data will remain intact. Booting the operating system back up is not an option because the encryption process will resume.
Instead, users should remove the hard drive and install it as slave in another computer where they can transfer the data, or they can boot from a Linux CD and copy the unaffected files to an external storage device.
In order to avoid such problems users are strongly advised to make regular backups of their most important files. This should be done on storage devices that are otherwise kept disconnected from the operating system or using online services.
WGU PROGRESS
MS: Information Security & Assurance
Start Date: December 2013
MS: Information Security & Assurance
Start Date: December 2013
Comments
-
Options
tiersten
Member Posts: 4,505
Next step? People have been doing this for decades now! A few recent attempts have been thwarted because they used symmetric encryption so the key was recoverable.Nobylspoon wrote: »It's a form of online blackmail and is considered the next step in the evolution of scareware, programs that scare users into paying money by making false claims.
