Malware Kidnaps Video Files & Demands Restoration Fees
In December 2007, Ahnlab, an IT security firm headquartered in Korea, said that it had been receiving a growing number of reports from victims whose video files had been captured by ransomware, which then demanded money to restore them.
Ransomware, known to have developed in Russia, encrypts the user's data and transfers it to an invisible folder, then demands a fee from the victim in exchange for a password to decrypt the data. The decryption code is provided only after the user pays the ransom.
The new malware commonly infects PCs through e-mail, or through downloads from malicious websites or infected programs. However, the riskiest channels are careless downloads of video files and peer-to-peer (P2P) sharing sites.
The ransomware is packaged with 'Uccplay', a piece of adware used to dupe victims into believing they are getting a multimedia player. Once installed, the adware copies the video files stored on the PC, moves the copies to a concealed folder, and then deletes the original files. Victims are left with little choice but to go through the ransomware to get their original files back. The ransomware then displays a 'certification' window that asks for the payment.
Clearly, the malware is difficult to remove, and ordinary computer users might have to make the payment. Ahnlab said that the malware is installed mainly through an ActiveX control program.
A spokeswoman for Ahnlab, Hwang Mi-kyung, said that when users see an ActiveX pop-up they often press Enter to carry on, when they should actually read the content thoroughly before clicking OK. Mi-kyung noted that ActiveX is the channel the ransomware has used in most recent cases to reach users' computers. KoreaTimes published this on December 14, 2007.
Ransomware comes in minor variations, but this malware in Korea searches the C and D drives for video files, and from there the process is the same: copying the files, transferring them and deleting the originals.
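The behaviour described above (video files on the C and D drives copied into a concealed folder, then the originals deleted) is something a defender can look for in file-activity telemetry. The Python below is an added example, not code from Ahnlab or the original article; the `Event` record format, the extension list, the time window and the alert threshold are assumptions, and the sample events are constructed.

```python
from collections import namedtuple
from pathlib import PureWindowsPath

# Hypothetical event record; a real feed (EDR, file-audit log) will differ.
Event = namedtuple("Event", "ts op path size hidden_dir")

VIDEO_EXT = {".avi", ".mpg", ".mpeg", ".wmv", ".mp4", ".mkv", ".mov", ".asf"}
WATCHED_DRIVES = {"C:", "D:"}   # the drives the article says are searched
WINDOW = 120                    # max seconds between copy and delete (assumed)
THRESHOLD = 3                   # moved files needed before alerting (assumed)

def moved_videos(events):
    """Return (original, hidden copy) pairs: copied to a hidden folder, then deleted."""
    copies = {}   # (file name, size) -> (time, path) of the copy in a hidden folder
    moved = []
    for ev in sorted(events, key=lambda e: e.ts):
        p = PureWindowsPath(ev.path)
        if p.suffix.lower() not in VIDEO_EXT or p.drive.upper() not in WATCHED_DRIVES:
            continue
        key = (p.name.lower(), ev.size)
        if ev.op == "CREATE" and ev.hidden_dir:
            copies[key] = (ev.ts, ev.path)
        elif ev.op == "DELETE" and not ev.hidden_dir and key in copies:
            copied_at, dest = copies[key]
            if ev.ts - copied_at <= WINDOW:
                moved.append((ev.path, dest))
    return moved

def should_alert(events):
    """True when enough videos were moved into hidden folders to look systematic."""
    return len(moved_videos(events)) >= THRESHOLD

# Constructed sample events (not taken from a real incident).
SAMPLE = [
    Event(100, "CREATE", r"C:\ProgramData\hid\holiday.avi", 7000, True),
    Event(101, "DELETE", r"C:\Users\kim\Videos\holiday.avi", 7000, False),
    Event(102, "CREATE", r"C:\ProgramData\hid\lecture.wmv", 5200, True),
    Event(103, "DELETE", r"D:\media\lecture.wmv", 5200, False),
    Event(104, "CREATE", r"C:\ProgramData\hid\match.MPG", 9100, True),
    Event(105, "DELETE", r"D:\media\match.mpg", 9100, False),
    Event(200, "DELETE", r"C:\Users\kim\Videos\old.avi", 3000, False),  # ordinary delete
]

if __name__ == "__main__":
    for original, hidden_copy in moved_videos(SAMPLE):
        print(f"{original} -> {hidden_copy}")
    print("alert:", should_alert(SAMPLE))
```

The ordinary deletion of `old.avi` is not flagged because no matching copy appeared in a hidden folder beforehand; the alert fires only on the repeated copy-then-delete pattern.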
Ransomware infection can be prevented by raising the Internet security level above average and by carefully reading all the details in pop-ups.
» SPAMfighter News - 28-12-2007