Real ransomware rears its head

By Kirsten Doyle, ITWeb contributor.
Moscow, 14 Feb 2011

Ransomware is not a new phenomenon; it has been a threat for many years. However, most threats of this type are cracked in minutes. Kaspersky Lab has discovered a special type of ransomware that has not yet been broken, due to the fact that it is based on strong encryption.

Dubbed GpCode ransomware, it not only encrypts a user's data, but also overwrites it, greatly hindering the chances of data recovery, says Vitaly Kamluk, chief malware expert, Japan, Global Research & Analysis Team at Kaspersky Lab. He said ransomware is malware that holds a computer system, or the data contained within, hostage, demanding a ransom for its restoration.

He said that a few years ago Kaspersky Lab warned of the high risk presented by such malware, and stated that the company expected it to become even harder to crack in the future. Now that time has arrived, and it is something that should be of concern.

GpCode is a Trojan-type threat. At present it is believed to infect only Windows PCs. Infected PCs display a 'ransom note', usually written in broken English. The note will typically read:

“Attention!!!! All your personal files were encrypted with a strong algorithm RSA-1024 and you can't get an access to them without making of what we need! Read 'how to decrypt' txt-file on your desktop for details. Just do it as fast as you can! Remember: don't try to tell someone about this message if you want to get your files back! Just do all we told.”

The cyber criminals then demand a fee, or that money be wired.

Kamluk says paying the fee rarely works, and users should avoid doing this at all costs. He added that it is nearly impossible to recover the machine's data once infected. “As soon as you receive a ransom note, pull the plug on your PC. Do not continue to use the PC as this will ruin any chances of recovering the data. Infections of this nature are almost the same as permanent removal of data from the hard drive.”

He added that in 2008, Kaspersky Lab developed a program to unlock the data, but said GpCode is far stronger and more complex. “It doesn't delete files after encryption; it overwrites data in the files, rendering data-recovery software null and void.”
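The distinction Kamluk draws between deleting and overwriting is what decides whether forensic recovery has a chance. The following toy model, added here as an illustration and not code from Kaspersky Lab or from the malware itself, simulates a block device with a directory: "deleting" a file only frees its blocks in the allocation table, so a carving tool that scans the raw medium for a known marker still finds the content; overwriting the file's blocks in place replaces the bytes themselves, and the carver finds nothing. Random bytes stand in for ciphertext, which to a carver is equally featureless; the file name, contents and marker are constructed sample values.

```python
"""Toy block device showing why in-place overwriting defeats undelete and carving tools."""
import os

BLOCK_SIZE = 16  # bytes per block in the toy medium (assumed, for illustration)


class ToyDisk:
    """Raw storage plus a directory mapping file names to block numbers."""

    def __init__(self, block_count=32):
        self.raw = bytearray(block_count * BLOCK_SIZE)  # the physical medium
        self.free = set(range(block_count))             # allocation table
        self.directory = {}                             # name -> ordered block list

    def _chunks(self, data):
        return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]

    def _put(self, block_no, chunk):
        start = block_no * BLOCK_SIZE
        self.raw[start:start + BLOCK_SIZE] = chunk.ljust(BLOCK_SIZE, b"\x00")

    def create(self, name, data):
        """Allocate blocks and write the file's bytes into them."""
        blocks = []
        for chunk in self._chunks(data):
            block_no = min(self.free)
            self.free.remove(block_no)
            self._put(block_no, chunk)
            blocks.append(block_no)
        self.directory[name] = blocks

    def delete(self, name):
        """Ordinary deletion: drop the directory entry and mark blocks free.
        The bytes remain on the medium until something reuses the blocks."""
        self.free.update(self.directory.pop(name))

    def overwrite_in_place(self, name, data):
        """Replace the file's content inside the blocks it already occupies,
        so the original bytes no longer exist anywhere on the medium."""
        blocks = self.directory[name]
        chunks = self._chunks(data)
        if len(chunks) != len(blocks):
            raise ValueError("toy model only handles same-length replacement")
        for block_no, chunk in zip(blocks, chunks):
            self._put(block_no, chunk)


def carve(disk, signature):
    """Forensic carving: ignore the directory and scan the raw medium."""
    return disk.raw.find(signature) != -1


# Constructed sample document and the marker a carver would look for.
SAMPLE = b"CONFIDENTIAL: payroll figures for Q4, do not distribute"
MARKER = b"CONFIDENTIAL"


def recoverable_after_delete():
    """File deleted the ordinary way: carving still finds the marker."""
    disk = ToyDisk()
    disk.create("payroll.txt", SAMPLE)
    disk.delete("payroll.txt")
    return carve(disk, MARKER)


def recoverable_after_overwrite():
    """Blocks rewritten in place with random bytes standing in for ciphertext:
    nothing of the original survives for a carver to find."""
    disk = ToyDisk()
    disk.create("payroll.txt", SAMPLE)
    disk.overwrite_in_place("payroll.txt", os.urandom(len(SAMPLE)))
    return carve(disk, MARKER)


if __name__ == "__main__":
    print("recoverable after delete:   ", recoverable_after_delete())
    print("recoverable after overwrite:", recoverable_after_overwrite())
```

This is also why the advice to power the machine off immediately makes sense from a forensic standpoint: every further write to the disk, whether by the malware finishing its pass or by the operating system reusing freed blocks, reduces what a later recovery attempt can carve out.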

To put the ransomware threat in perspective, he said the average number of ransomware samples seen per month currently stands at 9 743. “The logical assumption is that there are at least 325 active ransomware gangs out there. A botnet of 137 bots brings $30K to SMS ransomers in five weeks. From this we can conclude that the average ransomer earns $4 800 per month. Worldwide, ransomware generates $1.6 million per month.”

With no quick-fix currently available, immediately switching off the PC may be the only hope of not losing all data, Kamluk added. “Even pulling the power cord, if need be, the faster the better.”