According to research, a new file-encrypting program has been discovered that cyber-criminals use to extort money from users. The research reveals that they do not require advanced programming skills to create such ransomware threats when strong encryption technology is freely available on the web.
Ransomware typically propagates as a Trojan that enters a system via the internet, a USB device, a downloaded file or application, or a vulnerability in a network service. It then starts encrypting personal files on the hard drive. To decrypt the affected files, the user needs the private key, which the attacker holds, and to get this private key the user has to pay the ransom demanded by the cyber-criminal.
Research suggests that these cyber-criminals use a simple batch file as the core component of this ransomware attack. This batch file downloads a 1024-bit RSA public key from the server and imports it into GnuPG. GnuPG is a free, open-source encryption program available on the internet that can also run from the command line. It is used to encrypt the victim’s files in order to demand a ransom. Victims are asked to pay a ransom of €150 (around USD 200) to recover them.
This ransomware encrypts files with the following extensions: .xls, .xlsx, .doc, .docx, .pdf, .jpg, .cd, .jpeg, .1cd, .rar, .mdb and .zip. Moreover, it affects the following systems: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows XP.
What makes this threat unique is its simplicity and the fact that these criminals chose to use a genuine open-source encryption program instead of creating their own implementation, as malware authors often do. This proves that ransomware can be created at very little cost and without advanced programming knowledge. This simplicity will also lead to an increase in the number of such threats in the future.
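The behaviour described above (a batch file that imports a public key into GnuPG and then encrypts files with the listed extensions) leaves a recognisable trail in process-creation logs. The following detection sketch is an added example, not code from the research: the pipe-separated log format, the paths, the `KEYID` placeholder, the threshold and the assumption that the batch file calls gpg with `--import` and `--encrypt` are all constructed for illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Extensions the article lists as targeted.
TARGET_EXT = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".jpg", ".cd",
              ".jpeg", ".1cd", ".rar", ".mdb", ".zip"}
GPG_IMAGE = re.compile(r"(^|[\\/])gpg2?(\.exe)?$", re.I)
ENCRYPT_FLAG = re.compile(r"(^|\s)(--encrypt|-e)(\s|$)")
ARG = re.compile(r'"([^"]+)"|(\S+)')

# Constructed events for one host: time|parent image|image|command line.
SAMPLE_LOG = r"""
2024-01-01T10:00:00|C:\Windows\System32\cmd.exe|C:\Temp\gpg.exe|gpg.exe --import key.pub
2024-01-01T10:00:02|C:\Windows\System32\cmd.exe|C:\Temp\gpg.exe|gpg.exe -r KEYID --encrypt "C:\Docs\budget 2024.xlsx"
2024-01-01T10:00:03|C:\Windows\System32\cmd.exe|C:\Temp\gpg.exe|gpg.exe -r KEYID --encrypt C:\Docs\scan.pdf
2024-01-01T10:00:04|C:\Windows\System32\cmd.exe|C:\Temp\gpg.exe|gpg.exe -r KEYID --encrypt C:\Docs\base.1cd
2024-01-01T11:00:00|C:\Windows\explorer.exe|C:\Program Files\GnuPG\bin\gpg.exe|gpg.exe -r KEYID --encrypt C:\Docs\note.pdf
"""

def parse(log):
    """Yield (time, parent, image, cmdline) from pipe-separated lines."""
    for line in log.strip().splitlines():
        ts, parent, image, cmd = line.split("|", 3)
        yield datetime.fromisoformat(ts), parent, image, cmd

def hits_target(cmd):
    """True if any argument is a path with one of the listed extensions."""
    return any(ntpath.splitext(q or b)[1].lower() in TARGET_EXT
               for q, b in ARG.findall(cmd))

def detect(log, threshold=3, window=timedelta(minutes=5)):
    """Alert when a cmd.exe-launched gpg imports a key and then encrypts
    at least `threshold` listed-type files within `window`."""
    alerts, import_at, count = [], None, 0
    for ts, parent, image, cmd in parse(log):
        scripted = ntpath.basename(parent).lower() == "cmd.exe"
        if not (scripted and GPG_IMAGE.search(image)):
            continue  # not gpg, or not launched from a batch/command shell
        if "--import" in cmd:
            import_at, count = ts, 0  # a new key import restarts the count
        elif (import_at is not None and ts - import_at <= window
              and ENCRYPT_FLAG.search(cmd) and hits_target(cmd)):
            count += 1
            if count == threshold:
                alerts.append({"import_at": import_at, "alert_at": ts})
    return alerts
```

Calling `detect(SAMPLE_LOG)` raises one alert for the scripted import-then-encrypt burst and ignores the single gpg run started from explorer.exe.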
What should a computer user do?
- Update your system with the latest antivirus software, such as eScan, which protects your system from all kinds of malware attacks.
- Enable the firewall on your PC to ensure you are secure on local networks and the Internet.
- Keep your computer’s security settings at a higher level. Configure your computer’s AV settings to perform automatic system updates.
- Set a password policy. Complex passwords are hard to crack.
- Avoid clicking on any pop-up that appears, especially pop-ups which are displayed on an unknown website.
- Keep all of the software installed on your computer up to date, especially software from Microsoft, Adobe, Oracle Java, and others.
- Before downloading any program or software, do thorough research into the reputation of the company that is selling it.
- Configure your email server to block email that contains malicious file attachments.
- Think before opening an email attachment sent from an unknown sender; open it only if you are positive about the source.
- Disable AutoPlay to stop automatic launching of files from the network and removable drives.
The best way to know whether your PC has a malware infection is to run a free scan. Use the Free eScan tool kit from here. No installation required. http://www.escanav.com/english/content/products/MWAV/escan_mwav.asp