There's a new breed of ransomware in town, and it raises the stakes compared to previous viruses of this sort. Both Sinowal.FY and Gpcode.ai have been identified by security companies PandaLabs and Kaspersky Lab as malicious strains of older Trojans that encrypt users' files so that they can no longer be accessed. The Trojan then plants a readme.txt where users will find it, and inside, demands $300 in order to decrypt the files.
The ransom note tells the user in broken English that the files have been encrypted using RSA-4096 and that unless cold, hard cash is forked over within a period of time, the content of the files will be shared with the world and then deleted. However, PandaLabs says that these are empty threats—the files merely remain encrypted on the user's computer.
Not only that, but Kaspersky Lab analyst Aleks Gostev claims that the Trojan actually has a limited shelf life of between July 10 to July 15 (for reasons only the Trojan-writers understand). He also points out on his personal blog that the Trojan-writers' claim of having used an RSA-based algorithm is false: "[T]here's no sign of RSA-4096," Gostev writes.
News source: Arsetechnica