NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0250 Ransomware Trojan Reappears:
Kaspersky Lab security researcher Aleks Gostev has disclosed that GpCode "ransomware" - a Trojan horse last seen in 2006 - has reappeared and is trying to extort $300 from users whose files the malware has encrypted, according to a posting to the research center's blog. Some non-Russian users informed the Lab that their documents, photos, and archive files had turned into junk data, and a file called 'read_me.txt' containing a "ransom" note had appeared on their systems. Gostev hinted that the blackmailer was likely Russian. "The email address is one that we've seen before in LdPinch and Banker [Trojan Horse] variants, programs which were clearly of Russian origin," he said.
The blackmailer's claim that the files were enciphered with RSA-4096 - the RSA algorithm locked with a 4,096-bit key - is bogus, said Gostev. Another oddity, he added, was that the Trojan has a limited shelf life: from July 10 to July 15. Kaspersky claims to be working on a decryption scheme to recover the files.
(www.computerworld.com 16JUL07)
Last Modified: Tuesday, 31-Jul-2007 22:35:09 EDT