Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users about a Trojan horse that encrypts victims' computer data,
and then attempts to extort a $300 ransom.
The Troj/Zippo-A Trojan horse
(also known as CryZip) searches innocent users' computers for
files such as Word documents, databases and spreadsheets, and
moves them into password-encrypted ZIP files. It then creates
another file telling the affected user that they need to pay
$300 to an E-Gold account to recover their data.
Part of the ransom demand left by the Zippo
Trojan horse.
"The Zippo Trojan horse is bold as brass, scooping up your
valuable data and locking it away until you agree to pay the ransom
to the criminals who have 'kidnapped' your files. Companies who
have made regular backups may be able to recover easily, but less
diligent businesses may be in a quandary about whether to cough up
the cash," said Graham
Cluley, senior technology consultant for Sophos. "In the old
days malware was typically written by teenagers who wanted to show
off to their mates. Now most of the viruses and Trojan horses we
see are being written with the intention of making money from
innocent internet users. The attacks are becoming more organized
and more malicious, and every computer needs to be properly
defended."
Sophos experts who have analysed the Trojan horse have
determined the password used to encrypt users' data.
"Experts at Sophos have disassembled the Zippo Trojan and
determined that the password it uses to encrypt data is C:\Program Files\Microsoft Visual Studio\VC98," continued
Cluley. "So there should be no need for anyone unfortunate enough
to have suffered from this ransomware attack to have to pay the
reward to the criminals behind it. It looks like this password was
deliberately chosen by the Trojan's author in an attempt to fool
analysts into thinking it was a directory path instead."
Companies are advised to protect their email with a consolidated solution that thwarts virus, spyware
and spam threats, and to secure their desktops and servers with
automatically updated anti-virus protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.