Ransomware makes child porn menaces in broken English


Earlier this week, the researchers at SophosLabs examined a new strain of ransomware that had been discovered in the wild.

The malware encrypts files on the victim's computer - and demands that a ransom is paid for the safe return of their contents.

Users whose computers are hit by the malware are told to email a unique ID number to a Gmail or Live webmail address to obtain the password that will unlock their data.

You can imagine how disturbing this could be to a computer user who did not have a reliable recent backup of their important documents, spreadsheets and databases.

What makes things even more menacing is that the cybercriminals don't rely purely upon the loss of data access to be an incentive to pay the ransom of 3000 Euros. They also threaten to contact the police with a "special password" that will reveal spamming software and "child pornography" files.

Ransomware message

Your files has been descryptes using 256-bit Advanced Encryption Standart. To decrypt your files send us email with your ID to our special email: [REDACTED] or [REDACTED]

Because your computer has been hacked or someone spamming from your computer. You must pay a penalty within 96 hours otherwise we will send report to the Police with special password to decrypt some files wich contains spam software and child pornography files. (this special password is only for this files, not for all your files. Password for all your files we will send you only after payment). If first 48 hours will be ended you must pay 3000 Euro.

Enter password for the encrypted file: ______________

There may be nothing in the hackers' threat of contacting the police and making accusations of child abuse material on your computer, but you can just imagine how petrified many people might be by seeing such a message.

The threat may be worded in broken English, but the vulnerable - without reliable backups - might feel tempted to pay up the ransom rather than run into possible trouble with the authorities.

Of course, we don't recommend paying money to ransomware extortionists. There's nothing to say that they won't simply raise their ransom demands even higher once they discover you are prepared to pay up.

As always, keep your security patches and anti-virus solutions updated, your wits about you, and ensure that your backups are current and working.


17 Responses to Ransomware makes child porn menaces in broken English

  1. Nigel says:

    Wait...you mean there are STILL people who don't back up?

    • Mark says:

      Outside the computer industry and hobby users most people have no idea that computers need to be backed up (or virus checked, or to avoid dodgy sites, etc, etc).

      This isn't their failure, it is a failure of the computer industry and also a failure of elitist computer users who think that it is "common sense" to backup.

      People need to get off their pedestal and help people instead of deriding them.

  2. e-ville says:

    can you recommend a reliable (online?) backup utility? i already use your anti-virus/malware.
    thank you

    • Nicolas_Ambrose says:

      There are many available, with most giving you 2GB of free storage and relatively inexpensive rates for more. The decision maker for me was how the service encrypts the data they receive. For example (and correct me if I'm wrong) Amazon offers 5GB for free, but the data is not encrypted. On the other hand, companies like Syncplicity and Spideroak do encrypt data. I especially like and have used Spideroak for years, because everything is encrypted on your machine before it is sent, and because it works well with Linux which I now use exclusively. I use them, and I also have an encrypted partition on my HD (using Truecrypt) where ALL of my data resides. Anyone stealing or hacking into my computer would find nothing at all in my user folders. There are many reviews out there--do some independent research and I'm sure you can find a backup solution to your liking.

    • David Pottage says:

      I use Crashplan. They charge $5 per month for unlimited data backups from one computer, or $12 per month for a family plan of up to 10 computers in one household. Windows, Mac and Linux are all supported. You can save money via a longer term subscription or by limiting the amount of data you backup.
      http://www.crashplan.com/

      There is also backblaze, who charge about the same, but don't support Linux clients.

  3. Randy says:

    People don't think they need backups until I am called to remove a virus or replace a bad hard drive. Oh, I tell them but a month later most of them STILL don't have an external HDD or even a backup plan.

  4. Robert W. says:

    What about using Windows 7 BitLocker? How about it Graham?

  5. Bedder says:

    Is there any evidence that the Trojan has the capability to actually download child pornography on the 'sly to the infected machine?

    Also is there any 'cracking software' to decrypt the Trojan encrypted files?

    • Michael says:

      A very good question, but beside the point because malware exists that is capable of turning your computer into storage for indecent images, or to steal your identity for use in another crime. Malware can be used for very ugly things.

      Contrary to what Mark thinks, our attitudes have nothing to do with being elitist. When people connect their networks to the Internet, they do so at their own risk. The best we can do is try and make people aware of those risks, why they exist, and basic measures for protecting themselves. Ignorance is no longer an excuse.

    • bob says:

      any luck w/ cracking software?

  6. Lynn Craig says:

    Is that why Norton keeps asking me to back up but I haven't a clue how or what to do about it
    besides my Norton gets rid of malware and all those viruses and things doesn't it? after all that is why we buy programs to protect our computers from this very thing right !!!!
    what does a person need to back up their system all I have is pictures some poetry and stories made up for my grandchildren, some recipes. Then there are some stuff I copied on notes in facebook......games and my e-mails...I will not trust any computer anywhere to do my banking for me no sir not with all the identity thefts out there....

  7. Bob says:

    Has anyone a fix for the encrypted files?

  8. BRD says:

    I was the victim of this ransomware. Luckily I had backups. The hackers left their "signature" on our server (photographs of their insignia written in Mandarin). We believe they used the Remote Desktop Connection function to access the machine.

  9. Internaut says:

    I can't believe people would fall for that - except those that had something to worry about - porn on their computer.

    If BigBro were to apply the same logic here, that was applied to the article "Are you a potentially dangerous social misfit (aka not on Facebook)?": (http://nakedsecurity.sophos.com/2012/08/07/social-misfits-are-not-on-facebook/), then all banks should scan accounts and police arrest anyone that withdrew, or paid the exact sum of "3000 Euros", the ransom demand.

    I wish I had a list of all those people that freaked over this scam, I have some shares in a bridge they can get cheap.

  10. Melissa says:

    ...How do I make a backup?


About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.