I had always thought of encryption as a tool for security, never a tool for hackers. That changed when I came across this recent article about Ransomware, a Trojan that gains access to a user’s files and encrypts them against their will, essentially denying a user access to their own media and Microsoft Office files. This Trojan is so named because it asks for a $120 ransom in exchange for decrypting the files. Once the Trojan is installed, the wallpaper on the victim’s computer turns into a ransom note, reading "All your personal files (photo, documents, texts, databases, certificates, kwm-files, video) have been encrypted by a very strong cypher RSA-1024. The original files are deleted. You can check this by yourself - just look for files in all folders. There is no possibility to decrypt these files without a special decrypt program. Nobody can help you - even don't try to find another method or tell anybody."
Victims of this Trojan have acquired it from a defective pdf file, named Troj/PDFJS-ML, which downloads and installs the Ransomware. The article that I posted below states that this Trojan has the capability of encrypting a number of different types of files, including jpg, .jpeg, .psd, .cdr, .dwg, .max, .mov, .m2v, .3gp, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .rar, .zip, .mdb, .mp3, .cer, .p12, .pfx, .kwm, .pwm, .txt, .pdf, .avi, .flv, .lnk, .bmp, .1cd, .md, .mdf, .dbf, .mdb, .odt, .vob, .ifo, .mpeg, .mpg, .doc, .docx, .xls, and .xlsx, but that it usually only encrypts the first 10% of a file.
The article does not, however, offer much advice as to what one should do if faced with this type of attack, other than that you should not pay the ransom. All computer users should prevent this kind of attack by making sure to install all software updates (especially for Adobe Acrobat) and by backing up their files in case they do become inaccessible.
Posts
No comments:
Post a Comment