01 Dec 2010

New malware holds computers for ransom

Computer users seem to face enough internet security threats as it is, with the prevalence of Trojans and malware that steal data and spread spam. According to Computerworld, Ransomware is now becoming increasingly popular, giving users a new threat to monitor.

Two different ransomware campaigns have emerged lately, says Chet Wisniewski, a security advisor at an antivirus company. Wisniewski’s company recently discovered a malware strain that used malicious PDF documents to exploit vulnerabilities in Adobe Reader. The hole has since been patched.

The malware encrypted the user’s Microsoft Office files, making them unreadable. User’s were then presented with a demand for $120 and a threatening message. "Remember: Don't try to tell someone about this message if you want to get your files back! Just do all we told." [sic] read an on-screen warning.

Wisniewski said there is currently no way to decrypt the damaged files, although researchers are working on a solution.

Ransomware has been around for several years. In 2007, a ransomware called GpCode Trojan attacked computers and held them for ransom, telling users that their files had been encrypted with a 4,096-bit key, a claim that turned out to be false. GpCode is believed to be the source of the current ransomware attacks.