Jump to content

Recommended Posts

Posted

A newly-released ransomware strain's poor coding allows victims in most cases to access their files without parting with a cent.

 

A new strain of ransomware has been broken, allowing for victims to circumvent payment and access their locked data.

 

The Scraper ransomware, originally known as Torlocker, was discovered in October last year and granted the name Trojan-Ransom.Win32.Scrape. The ransomware encrypts a victim's files -- including documents, video, images and database copies -- and demands a ransom of at least $300 to unlock and decrypt documents.

 

However, due to errors in encryption algorithms, in 70 percent of cases files can be unlocked without submitting to the attacker's demands.

 

In a blog post, Kaspersky Labs analyzes the ransomware strain in detail, and within the security company's findings is the fact that in most cases, victims can get their data back without giving into demands for money.

 

First appearing in an attack against Japanese users last year, the crypto-ransomware samples obtained by Kaspersky come in both Japanese and English versions. The Trojan uses the Tor network and a proxy server to contact its owners after landing on victim computer systems via the Andromeda botnet.

 

After demanding upwards of $300, if the malware is detected and deleted by an antivirus program -- after files are encrypted -- the Trojan installs the following wallpaper on the user's desktop with a link to its executable file.

 

http://img.photobucket.com/albums/v708/starbuck50/ransomware_zpsbqjdk6ew.png

 

Victims can re-download the malicious code and notify its operators that the ransom has been paid through a dedicated TorLocker window. The data is then sent through to a command and control (C&C) server which will respond with a private RSA key if money has changed hands. The ransomware supports payments made in Bitcoin, UKash and PaySafeCard.

 

Victims are pressured to pay up through a timer system which threatens to delete the key necessary to decrypt files.

 

Unfortunately, ransomware has become a popular way to extract money from victims who inadvertently download the malware. The fear factor stems from ransomware often masquerading as law enforcement and alleging that the victim has been viewing illegal material or similar, and a time reference can cause panic which will in turn pressure a victim to pay up rather than lose their files.

 

In March, a new variant of the Cryptolocker ransomware which targets gamers. Dubbed TeslaCrypt, the malware strain impacts data files for games distributed on compromised websites, and uses the Angler exploit kit to lock systems and demand payment.

 

 

Source:

http://www.zdnet.com/article/ransomware-strain-breaks-victims-avoid-payment/#ftag=RSSbaffb68

Member of:

UNITE

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...