Number: IRCNE2014082273
Date: 2014-08-03
According to “computerworld”, a new program that encrypts files to extort money from users highlights that attackers don't need advanced programming skills to create dangerous and effective ransomware threats, especially when strong encryption technology is freely available.
Researchers from antivirus vendor Symantec recently came across a Russian-language -- for now -- ransomware program of which the core component is a simple batch file -- a command-line script file.
This development choice allows the attacker to easily control and update the malware, said Symantec researcher Kazumasa Itabashi in a blog post Thursday. The batch file downloads a 1024-bit RSA public key from a server and imports it into GnuPG, a free encryption program that also runs from the command line. GnuPG, which is an open-source implementation of the OpenPGP encryption standard, is used to encrypt the victim's files with the downloaded key.
"If the user wants to decrypt the affected files, they need the private key, which the malware author owns," Itabashi said. In public-key cryptography, which OpenPGP is based on, users generate a pair of associated keys, one that is made public and one that is kept private. Content encrypted with a public key can only be decrypted with its corresponding private key. The new ransomware threat that Symantec calls Trojan.Ransomcrypt.L encrypts files with the following extensions: .xls, .xlsx, .doc, .docx, .pdf, .jpg, .cd, .jpeg, .1cd, .rar, .mdb and .zip.
Trojan.Ransomcrypt.L is proof that developing ransomware can be done for little cost and without advanced programming knowledge, which could lead to an increase in the number of such threats in the future.
- 4