Ransomware
Computer security people have been talking about this for years, but only recently are we seeing it in the wild: software that encrypts your data, and then charges you for the decryption key.
PandaLabs points out that this is not the first time such a Trojan has made the rounds, citing PGPCoder as having a “long record on the ransomware scene.” Ransom.A is another Trojan that presented to the user both a shorter time frame and a significantly lower bounty—a file was to be deleted every 30 minutes unless the user paid up the ransom of $10.99. Finally, Arhiveus.A also encrypted user files, but instead of demanding money, instead demanded that the user purchase products from an online drug store.
There appears to be no information available regarding what happens when the user attempts to contact the address in the e-mail or whether the alleged decrypting software actually does the job it’s supposed to do. Gostev places a strong warning on his blog, however, saying that if you find yourself infected with Sinowal.FY, Gpcode.ai, or any other type of ransomware, do not pay up “under any circumstances.” It also doesn’t appear as if there is currently any antivirus solution that can help decrypt the files once they are encrypted, although Gostev says that the Kaspersky Lab team is currently working on a decryption routine.
Clive Robinson • July 23, 2007 7:13 AM
The failing with this sort of thing in the past has been the “collect money” stage. Invariably it has indicated who might be responsible (follow the money axiom).
It would be interesting to see how they are working it this time.
Of course the obvious question is at what point are the authorities not interested…
If you look at all the “you have won the lottery” scams where people send money and just how many get fleeced repeatedly.
And then see how the crooks get away with it because the Police are not interested because the value of the individual crime is too low and it crosses one or more jurisdictions.
It should therefore be possible to make it work…