|
| The Arhiveus Trojan horse holds data hostage from
infected users. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users about a Trojan horse that encrypts victims' computer data,
and then attempts to force users into making a purchase from an
online pharmacy.
The Troj/Arhiveus-A Trojan
horse (also known as MayAlert) scoops up files in innocent users'
"My Documents" folder and creates a file called
EncryptedFiles.als.
When users try to access their files they are directed to a file
containing instructions on how to recover the data. The
instructions begin:
INSTRUCTIONS HOW TO GET YOUR FILES BACK
READ CAREFULLY. IF YOU DO NOT UNDERSTAND - READ AGAIN.
This is the automated report generated by auto archiving
software.
Your computer caught our software while browsing illegal
porn pages, all your documents, text files, databases in the folder
My Documents was archived with long password.
You can not guess the password for your archived files -
password length is more than 30 symbols that makes all password
recovery programs fail to bruteforce it (guess password by trying
all possible combinations).
Do not try to search for a program that encrypted your
information - it simply does not exist in your hard disk anymore.
Reporting to police about a case will not help you, they do not
know the password. Reporting somewhere about our email account will
not help you to restore files. Moreover, you and other people will
lose contact with us, and consequently, all the encrypted
information.
To retrieve their files (which may include personal photographs,
letters, household budgets and other content), users must enter a
30 character password -which, they are told, is only available
after they make purchases from one of three online drug stores.
Files cannot be accessed until the correct
password is entered.
"Internet hackers are getting bolder in their attempts to steal
money from innocent web users. Once your valuable data is locked
away you may be tempted to pay up to rescue your files, but this
will only encourage more blackmail attempts in the future.
Companies who have made regular backups may be able to recover
easily, but less diligent home users may feel forced to cough up
the cash," said Graham
Cluley, senior technology consultant for Sophos. "Today, most
of the viruses and Trojan horses we see are being written with the
intention of making money and we wouldn't be surprised to see much
more ransomware being written in the future. Attacks are becoming
more organized and more malicious, and every computer needs to be
properly defended with up-to-date anti-virus software, firewalls
and operating system patches."
Sophos experts who have analysed the Trojan horse have
determined the password used to encrypt users' data.
"The password is deliberately long and complicated in an attempt
by the hackers to avoid people easily cracking it. Experts at
Sophos have disassembled the Arhiveus Trojan and determined that
the password is mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw," continued
Cluley. "So there should be no reason for anyone hit by this
ransomware attack to have to make any payments to the criminals
behind it."
Sophos notes that this is not the first example of ransomware.
In March 2006, the Zippo Trojan
horse demanded $300 for the safe return of users' encrypted data.
The following month the Ransom-A Trojan horse threatened to
delete stolen files one-by-one until a ransom was paid.
Companies are recommended to protect their email with a consolidated solution to thwart the virus, spyware
and spam threats and secure their desktops and servers with
automatically updated anti-virus protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.