New File Encrypting Trojan Doesn’t Produce Ransom Message
Internet security firm Symantec has issued an alert on a new ransomware variant called Trojan.Ramvicrype that encrypts files on the computers it compromises but does not produce the ransom note typical of such software, which demands money for unlocking the encrypted files.
The Trojan was reportedly discovered by Shunichi Imano, an engineer with Symantec's Security Response, SC Magazine reported on November 2, 2009.
The attack instead assumes that the owner of the compromised PC will search for information that would help unlock the files. That search leads the owner to the web page of a fake firm that offers a solution in exchange for a fee, security researchers said.
Describing the malware further, the researchers said that the Trojan uses the popular RC4 cipher to lock files on the infected computer, making them unusable.
When executed, the malware searches for files in My Documents, Application Data\Identities and Desktop and renames them with a .vicrypt extension. It then looks for links in the latest directory and renames all the files in the folders those links point to, after which it encrypts each file's header.
Users who search the Web for "vicrypt help" are shown information about a Mauritius-based organization, Exquisys Software Technology Ltd., which offers so-called Antivicrypt software that claims to repair and recover damaged files.
Meanwhile, to help stop ransomware infections, security specialists advise end users to adopt standard precautions such as setting complex passwords, running programs with minimum privileges, turning off file sharing when it is not required, applying up-to-date patches, and isolating infected PCs from the network as quickly as possible.
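The renaming and header encryption described above leave a trace a responder can check for on an isolated machine. The following triage sketch is an added example, not code from Symantec or from the article; the signature table, the function names and the sample files are assumptions constructed for illustration. It lists files carrying the .vicrypt extension and reports whether each file's leading bytes still match a known format signature.

```python
import os
import tempfile

# Leading byte signatures of common document types (small constructed subset).
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/ooxml",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
    b"\xff\xd8\xff": "jpeg",
}
MARKER = ".vicrypt"  # extension named in the article


def header_type(path):
    """Return the recognised format name, or None if the header matches no signature."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def triage(roots):
    """Walk each root and return sorted (path, header type) pairs for renamed files."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower().endswith(MARKER):
                    full = os.path.join(dirpath, name)
                    hits.append((full, header_type(full)))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and return (file name, header type) pairs."""
    samples = {
        "ok.pdf": b"%PDF-1.4 intact, not renamed",
        "notes.vicrypt": b"PK\x03\x04 renamed, header still intact",
        "report.pdf.vicrypt": b"\x8a\x13\x5c\xe7\x90\x02 renamed, header scrambled",
    }
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "Desktop")
        os.makedirs(docs)
        for name, data in samples.items():
            with open(os.path.join(docs, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), t) for p, t in triage([tmp])]
```

A header type of None marks a renamed file whose header no longer matches any listed signature; folders reached through shortcuts have to be passed as additional roots, since the walk does not resolve them.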
Trojan.Ramvicrype is not the only ransomware attack against PC owners, however. Throughout 2009, cyber-criminals have been focusing on alternative extortion methods so that they can earn the maximum possible micro-payment revenue.
Similarly, in the final week of October 2009, researchers at CA, an Internet security company, also caught a ransomware product that encrypted files with widely used extensions such as .pdf, .zip, .rar and others, and held them hostage for $100.
» SPAMfighter News - 12-11-2009