New Evolution: Ransomware Gets Tough

Wednesday, March 30, 2011 @ 04:03 PM gHale

A new variant of a ransomware program can get into a system and then encrypt personal files with an uncrackable algorithm.

Ransomware is what it sounds like: an application that can block critical system functionality or lock access to important documents and then demand money from the system's owner to restore normal operations.

Security experts are saying this is the next step in the evolution of scareware, programs that scare users into paying money by making false claims. For the most part you can safely clean up ransomware programs, especially those that block access to the system, according to security researchers from Kaspersky Lab.

Programs that encrypt personal files are more dangerous if the algorithm is not crackable, and they can lead to problems like data loss.

This is the case with programs in the Gpcode ransomware family, which make use of the secure RSA public-key algorithm with a 1024-bit key.

Once installed, these applications start encrypting files with predefined extensions, including documents and images, and post a warning message on the desktop advising users to read an instructions file that tells them to send money if they want the special encryption key.

One of the changes in the new variant is that the criminals switched to Ukash or PSC prepaid cards as the payment method, according to Kaspersky Lab researchers.

There’s little users can do to recover their files if they’ve been affected. However, Kaspersky’s Nicolas Brulez said if users can, they should unplug their computers immediately when they see the warning message.

This is because encrypting files on a large hard drive takes time and if the process stops before it finishes, some data will remain intact. Booting the operating system back up is not an option because the encryption process will resume.

Instead, users should remove the hard drive and install it as a slave drive in another computer, where they can transfer the data, or they can boot from a Linux CD and copy the unaffected files to an external storage device.
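One way to carry out the copy step from a live Linux session, as an added example that is not from the original article or from Kaspersky Lab. It assumes the affected drive is mounted read-only and the destination is on a separate device, and it treats a file as unaffected when its first bytes still match the usual signature for its extension, which is a heuristic chosen for this example; `salvage`, `looks_intact` and the signature table are names made up here.

```python
import shutil
from pathlib import Path

# Leading bytes expected for a few common document and image types.
# Assumption of this example: an encrypted file no longer starts with them.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
    ".doc": [OLE2], ".xls": [OLE2],
    ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"],
}

def looks_intact(path):
    """True/False when the extension has a known signature, None otherwise."""
    sigs = SIGNATURES.get(path.suffix.lower())
    if sigs is None:
        return None
    with path.open("rb") as fh:
        head = fh.read(8)
    return any(head.startswith(sig) for sig in sigs)

def salvage(src_root, dst_root):
    """Copy files whose header matches their extension; report the rest."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    report = {"copied": [], "suspect": [], "unknown": []}
    for path in sorted(src_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src_root)
        try:
            state = looks_intact(path)
        except OSError:
            state = False  # unreadable: list for review, do not copy
        if state:
            target = dst_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)  # keeps timestamps
        key = "copied" if state else "unknown" if state is None else "suspect"
        report[key].append(rel.as_posix())
    return report

if __name__ == "__main__":
    import sys
    for key, items in salvage(sys.argv[1], sys.argv[2]).items():
        print(f"{key}: {len(items)} file(s)")
```

Files reported as `unknown` have no signature in the table and need a manual look before copying; a matching header does not prove the rest of a file is untouched.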

To avoid such problems, users should make regular backups of their most important files. They should back up to storage devices that are disconnected from the operating system, or use online services.