New strains of malicious trojan hold data hostage

There's a new breed of ransomware in town, and it raises the stakes compared to previous viruses of this sort. Both Sinowal.FY and Gpcode.ai have been identified by security companies PandaLabs and Kaspersky Lab as malicious strains of older Trojans that encrypt users' files so that they can no longer be accessed. The Trojan then plants a readme.txt where users will find it, and inside, demands $300 in order to decrypt the files.

The ransom note tells the user in broken English that the files have been encrypted using RSA-4096 and that unless cold, hard cash is forked over within a period of time, the content of the files will be shared with the world and then deleted. However, PandaLabs says that these are empty threats—the files merely remain encrypted on the user's computer.

Not only that, but Kaspersky Lab analyst Aleks Gostev claims that the Trojan actually has a limited shelf life of between July 10 to July 15 (for reasons only the Trojan-writers understand). He also points out on his personal blog that the Trojan-writers' claim of having used an RSA-based algorithm is false: "[T]here's no sign of RSA-4096," Gostev writes.

News source: Arsetechnica

Report a problem with article
Previous Story

Microsoft learns a web-standards lesson

Next Story

No Public Windows Vista Service Pack 1 Beta anytime soon

1 Comments

Commenting is disabled on this article.