Ransomware strain breaks, victims avoid payment

Discussion in 'Security Updates' started by starbuck, Apr 10, 2015.

    A newly-released ransomware strain's poor coding allows victims in most cases to access their files without parting with a cent.

    A new strain of ransomware has been broken, allowing for victims to circumvent payment and access their locked data.

    The Scraper ransomware, originally known as Torlocker, was discovered in October last year and granted the name Trojan-Ransom.Win32.Scrape. The ransomware encrypts a victim's files -- including documents, video, images and database copies -- and demands a ransom of at least $300 to unlock and decrypt documents.

    However, due to errors in encryption algorithms, in 70 percent of cases files can be unlocked without submitting to the attacker's demands.

    In a blog post, Kaspersky Labs analyzes the ransomware strain in detail, and within the security company's findings is the fact that in most cases, victims can get their data back without giving in to demands for money.

    First appearing in an attack against Japanese users last year, the crypto-ransomware samples obtained by Kaspersky come in both Japanese and English versions. The Trojan uses the Tor network and a proxy server to contact its owners after landing on victim computer systems via the Andromeda botnet.

    After demanding upwards of $300, if the malware is detected and deleted by an antivirus program -- after files are encrypted -- the Trojan installs the following wallpaper on the user's desktop with a link to its executable file.

    Victims can re-download the malicious code and notify its operators that the ransom has been paid through a dedicated TorLocker window. The data is then sent through to a command and control (C&C) server which will respond with a private RSA key if money has changed hands. The ransomware supports payments made in Bitcoin, UKash and PaySafeCard.

    Victims are pressured to pay up through a timer system which threatens to delete the key necessary to decrypt files.

    Unfortunately, ransomware has become a popular way to extract money from victims who inadvertently download the malware. The fear factor stems from ransomware often masquerading as law enforcement and alleging that the victim has been viewing illegal material or similar, and a time reference can cause panic which will in turn pressure a victim to pay up rather than lose their files.

    In March, a new variant of the Cryptolocker ransomware emerged which targets gamers. Dubbed TeslaCrypt, the malware strain impacts data files for games distributed on compromised websites, and uses the Angler exploit kit to lock systems and demand payment.


    Source:
    http://www.zdnet.com/article/ransomware-strain-breaks-victims-avoid-payment/#ftag=RSSbaffb68
     
