New Drive-By Attack Delivers Ransomware
Security researchers at SophosLabs are warning of a new ransomware attack that, according to their analysis, hits PC users through compromised websites by means of a drive-by exploit. The vulnerability being exploited apparently lies in older versions of Adobe Reader, and the attack is delivered through specially crafted PDF documents, security company Sophos observes.
Once on a machine, Sophos says, the ransomware encrypts the Office documents and media files held on the victim's PC and demands $120 for their return.
Sophos detects the malware as Troj/Ransom-U. It changes the desktop wallpaper of the infected Windows computer to deliver the first part of the ransom note to the user.
The note warns that all of the user's personal files have been encrypted with a strong algorithm, RSA-1024 (the use of RSA-1024 is the attackers' own claim), and that the user cannot access them again without doing what the note's author requires. Softpedia.com reported this on November 26, 2010.
The note then directs the user to a file named "HOW TO DECRYPT FILES", dropped on the desktop, which contains further instructions on how to contact the attackers.
Interestingly, Sophos says, the malicious code does not encrypt files in full, only about the first 10%; overwriting the head of a file is enough to destroy the headers most applications need to open it, and the attackers still demand a ransom from victims to restore their data.
Worryingly, the file extensions targeted are: .jpeg, .jpg, .cdr, .psd, .max, .dwg, .m2v, .mov, .docx, .doc, .3gp, .xlsx, .xls, .pptx, .ppt, .zip, .rar, .p12, .mp3, .mdb, .pwm, .kwm, .cer, .pdf, .pfx, .txt, .flv, .avi, .1cd, .bmp, .md, .lnk, .dbf, .mdf, .odt, .ifo, .vob, .mpg, and .mpeg, as per Sophos.
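The "first 10%" behaviour and the extension list together suggest a triage check a responder can run over a user's files to find which ones were hit: for the listed extensions, test whether the magic number the extension implies still sits at offset 0, and whether the leading segment looks like ciphertext (high Shannon entropy) while the rest of the file does not. The script below is an added example written for this article; it is not Sophos's code and contains nothing from the malware. The magic-number table, the thresholds, the 4 KB minimum size and the sample file names and contents are assumptions constructed for illustration.

```python
"""Triage check for files hit by a partial-encryption ransomware.

Added example (not Sophos's code and not the malware): it walks a directory,
looks only at the extensions the article lists, and flags files whose first
~10% looks like ciphertext. Two signals are used:
  * a known magic number at offset 0 that no longer matches the extension, and
  * a leading segment with much higher Shannon entropy than the remainder
    (for formats such as .txt that carry no signature).
The magic table, thresholds and sample files are assumptions for illustration.
"""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article reports as targeted by Troj/Ransom-U.
TARGETED_EXTENSIONS = {
    ".jpeg", ".jpg", ".cdr", ".psd", ".max", ".dwg", ".m2v", ".mov", ".docx",
    ".doc", ".3gp", ".xlsx", ".xls", ".pptx", ".ppt", ".zip", ".rar", ".p12",
    ".mp3", ".mdb", ".pwm", ".kwm", ".cer", ".pdf", ".pfx", ".txt", ".flv",
    ".avi", ".1cd", ".bmp", ".md", ".lnk", ".dbf", ".mdf", ".odt", ".ifo",
    ".vob", ".mpg", ".mpeg",
}

# Well-known signatures for a subset of those formats (assumed table; the
# remaining extensions get only the entropy test).
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".pptx": b"PK\x03\x04", ".odt": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
    ".ppt": b"\xd0\xcf\x11\xe0",
    ".rar": b"Rar!\x1a\x07", ".bmp": b"BM", ".psd": b"8BPS", ".flv": b"FLV",
}

HEAD_FRACTION = 0.10   # the article's "about the first 10%"
MIN_SIZE = 4096        # below this the head is too short for entropy to mean much
HIGH_ENTROPY = 7.0     # bits per byte; random bytes approach 8.0
ENTROPY_GAP = 1.5      # head minus tail, used when no signature is known


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty or constant input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess(data: bytes, ext: str) -> str:
    """Classify one file's bytes: 'skip', 'clean', 'mismatch' or 'suspicious'."""
    ext = ext.lower()
    if ext not in TARGETED_EXTENSIONS or len(data) < MIN_SIZE:
        return "skip"
    cut = int(len(data) * HEAD_FRACTION)
    head, tail = data[:cut], data[cut:]
    h_head = shannon_entropy(head)
    magic = MAGIC.get(ext)
    if magic is not None:
        # Signature formats: the header must survive at offset 0. Compressed
        # formats (.jpg, .zip, ...) are high-entropy throughout, so the
        # entropy gap says nothing there and the signature check carries it.
        if data.startswith(magic):
            return "clean"
        # Header gone: a random-looking head means it was overwritten with
        # ciphertext; a low-entropy head is more likely a mislabelled file.
        return "suspicious" if h_head >= HIGH_ENTROPY else "mismatch"
    # No signature to check (e.g. .txt, .md, .dbf): look for a random-looking
    # head sitting in front of an untouched, lower-entropy tail.
    h_tail = shannon_entropy(tail)
    if h_head >= HIGH_ENTROPY and h_head - h_tail >= ENTROPY_GAP:
        return "suspicious"
    return "clean"


def scan_tree(root) -> dict:
    """Map each file name under root to its verdict."""
    return {p.name: assess(p.read_bytes(), p.suffix)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}


def build_samples(root) -> Path:
    """Write constructed sample files: clean copies and 'victims' whose first
    10% has been replaced with seeded pseudo-random bytes standing in for
    ciphertext. Purely synthetic, not real infected files."""
    root = Path(root)
    rng = random.Random(1234)
    plain = b"Quarterly figures, see attached spreadsheet.\n" * 500
    cut = int(len(plain) * HEAD_FRACTION)
    noise = rng.randbytes  # Python 3.9+
    pdf = b"%PDF-1.4\n" + plain[9:]
    jpg = b"\xff\xd8\xff\xe0" + noise(len(plain) - 4)  # compressed body looks random
    samples = {
        "clean.txt": plain,
        "victim.txt": noise(cut) + plain[cut:],
        "clean.pdf": pdf,
        "victim.pdf": noise(cut) + pdf[cut:],
        "clean.jpg": jpg,
        "victim.jpg": noise(cut) + jpg[cut:],
        "ignored.xyz": plain,  # extension not on the list
    }
    for name, content in samples.items():
        (root / name).write_bytes(content)
    return root


def demo() -> dict:
    """Build the samples in a temp dir and scan them; returns the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_samples(tmp))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:10s} {name}")
```

Run it as-is to see the verdicts on the synthetic files, or point `scan_tree` at a real profile directory. The two signals are deliberately separate: for already-compressed formats such as JPEG or ZIP the tail is high-entropy too, so only the destroyed signature gives the file away, while for plain formats such as .txt the sharp entropy step at the 10% mark is the tell. A "suspicious" verdict also tells a responder that roughly 90% of each file is still plaintext, which matters for what can be salvaged when, as the article says, decryption is not an option.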
Remarking on the malicious campaign, Graham Cluley, Senior Technology Consultant at Sophos, said that it certainly was not recommended that people oblige ransomware extortionists by paying them. According to him, there was no guarantee that the criminals would not demand even more once they discovered that the people on the other end were willing to pay. Softpedia.com published this on November 26, 2010.
Cluley added that, unfortunately, once the attack had happened, the only way to restore the files was from a backup, as there was little means of decrypting them.
SPAMfighter News - 09-12-2010