Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Cryzip Trojan encrypts data, requests ransom
Published: 2006-03-14

Ransomware is back.

A security firm has found, what it characterized as, the third known case of a program holding data for ransom. The malicious program searches for 44 different types of files, encrypts them, and then leaves a note for the user to pay $300 for the password to recover the files, according to an analysis by security firm LURHQ.

"Do not try to search for a program what encrypted your information - it is simply do not exists in your hard disk anymore," states the typo-littered ransom note, according to LURHQ. "If you really care about documents and information in encrypted files you can pay using electonic currency $300. Reporting to police about a case will not help you, they do not know password. Reporting somewhere about our e-gold account will not help you to restore files. This is your only way to get yours files back."

While other cyber-extortion schemes exist, there are only three known cases of a file-encrypting program that attempts to ransom a victim's data, according to LURHQ. Last year, antivirus firms revealed that a program, dubbed PGPcoder, encrypted victim's files and demanded $200 for the password to the files.

The latest Trojan to hold people's data hostage has a fatal flaw. The password for all systems is the same and is stored in plaintext on the victim's system, according to LURHQ. The password is C:\Program Files\Microsoft Visual Studio\VC98.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus