EXPERT RESPONSE
We do see periodic ransomware outbreaks, as bad guys try to make some money by encrypting important information on infected machines and then offering to sell decryption keys or software to the victim so that he or she can recover the data. Just a couple of months ago, a new version of Gpcode reared its ugly head, exhorting its sad victims with this message:
Hello, your files are encrypted with RSA-4096 algorithm
http://en.wikipedia.org/wiki/RSA
You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300.
If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data.
Glamorous team
Isn't that lovely? I'm particularly amused by the "Hello" salutation up front, and the Wikipedia reference to the algorithm used for the crypto.
(By the way, it's likely untrue that the files themselves were encrypted with the RSA public key crypto algorithm. Symmetric algorithms usually encrypt hundreds of times faster than public key algorithms, and encrypting with RSA would be an inefficient choice. Perhaps the bad guys just cite RSA because it sounds scarier, or because they used it to encrypt the symmetric key. The files themselves, however, are likely encrypted using a symmetric key algorithm, like AES, DES or IDEA.)
While these ransomware attacks do occur, they are not terribly common today. The payoff is often so small that attackers turn their attention to more reliable methods of getting money from infected machines: spyware, keystroke loggers, search results customization, spam relays and so forth.
Most antivirus vendors have signatures that can block the common ransomware manifestations of the past. While there isn't a huge threat here, it is always a good idea to keep a backup of your vital files. Try to get into the habit of backing up once per week or so. You'll be happy that you did. But the reason for doing so is likely not going to be the threat of ransomware; you are far more likely to suffer a hard drive failure, something that occurs quite regularly and can wipe out your data.
More information:
While estimates of its size and scope vary, security researchers say the Storm Trojan is here to stay.
Fight malware with a fully loaded USB flash drive.
|
