
Ransoms Files, Demands $300


Member
New Trojan Ransoms Files, Demands $300

The Trojan archives 44 file types with a Zip library, then password-protects the files and deletes the originals. But some have discovered the password needed to free the files.

By Gregg Keizer


Mar 16, 2006 02:46 PM

A Trojan is loose that locks up files and then demands a $300 ransom to return access, several security firms said Thursday, but at least two have discovered the password needed to free the files.

Dubbed "Cryzip" by some anti-virus vendors and "Zippo.a" by others, the Trojan archives 44 file types -- including .doc (Microsoft Word), .pdf (Adobe Acrobat), and .jpg (images) -- with a ZIP library, then password-protects the files and deletes the originals.

A "ransom note" is left on the machine, and reads in part: "Do not try to search for a program what encrypted your information - it is simply do not exists in your hard disk anymore. If you really care about documents and information in encrypted files you can pay using electonic [sic] currency $300.

"Reporting to police about a case will not help you, they do not know password."

At least two security firms, however, have dug up the password, which was left in plain view within one of the DLL files dropped by the Trojan. According to both Sophos and LURHQ, the password is:

C:\Program Files\Microsoft Visual Studio\VC98

"Because this string often appears inside projects compiled with Visual C++ 6, the author likely figured anyone who found the infecting DLL and examined its strings looking for the password would simply overlook it," LURHQ wrote in its Cryzip advisory.

"There should be no need for anyone to pay the reward," said Graham Cluley, a senior technology consultant with Sophos, in a separate statement. "It looks like this password was deliberately chosen by the author in an attempt to fool analysts into thinking it was a directory path instead."

Victims can use any ZIP utility to unlock the files with the password.

Ransom-like attacks, labeled "ransomware," are rare. The last full-fledged attack was in May 2005 when another security company, California-based Websense, spotted a Trojan that demanded $200 for a decryption key.

Other, and more common, forms of ransomware-style attacks are used by bogus spyware vendors, who claim that users' PCs harbor massive amounts of adware and spyware, and try to sell their phony products to spooked consumers.
 
Administrator
Staff Member
Thanks for sharing this brother.
 
Member
Stuff like this is not a bother to the average surfer... if it did really happen I'd just go get another H.D... or pray me down one :). lol hackers are a little more to worry about, as they can destroy your hardware.... if they know how to. Pretty sure I had it happen to me, was using Windows XP SP1 firewall... it's a piece of junk. SP2 is better... or a third party one.

God bless
 
Member
One other way, unless the HD is locked out, is to just reformat. Unless you have $300 worth of files you need? Like I said, not a problem to just the average user. But still good to know.

God bless brother
 