Ransomware Gets Tougher

Anti-malware vendor Trend Micro has noted an increase in ransomware. According to Wikipedia, ransomware is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration.

This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim. If the victim opens/executes the attachment, the program encrypts a number of files on the victim’s computer. A ransom note is then left for the victim. The victim will be unable to open the encrypted files without the correct decryption key.

Once the ransom demanded in the ransom note is paid, the attacker may (or may not) send the decryption key, enabling decryption of the “kidnapped” files.

Recently, Trend Micro Advanced Threats Researcher Ivan Macalintal reported that a new version of the GPcode ransomware has surfaced. It is said that Gpcode[dot]ag utilizes a 660-bit RSA public modulus. Attackers appear to be upping the ante: in early June 2008, another Gpcode variant, Gpcode[dot]ak, was detected, and researchers believe it utilizes an RSA encryption algorithm with a 1024-bit public key. “We estimate it would take around 15 million modern computers, running for about a year, to crack such a key,” writes Aleks Gostev, senior virus analyst at Kaspersky, on the company’s blog.

The rise of ransomware makes regular successful data backups even more important. With current backups, you can delete the files in question, restore them from your backup and let someone else pay the attacker.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
