Ransomware abounds
Posted on 30.11.2010
Ransomware is any malware that manages to make a computer system or any of the files on it inaccessible to the user and asks him or her to pay up if they want to regain access. Unfortunately for us all, two separate ransomware variants have been recently detected by Kaspersky Lab experts.

The first one is similar to the GpCode Trojan that has been detected in 2004 and whose variants have been making a regular appearance until 2008. It usually encrypts the data, and the chances of getting it back are low.

This new, improved version overwrites the data that has been encrypted instead of deleting it - making it impossible for the users to recover it with data-recovering tools.

The malware uses various encryption algorithms, and encrypts only part of the data. Kaspersky's researcher advises victims not to make changes in their system if they notice they have been hit, until a solution to the problem of recovering the data is found.

He also points out that if you see the following text pop up in a text file on your computer or on your background image, you should immediately shut down the computer to prevent at least some of the data to be encrypted:

The second one piece of ransomware found today was one that overwrites the master boot record (MBR), reboots the victim's computer, and shows this message:

Luckily for the victims, the claim that the drives and files are encrypted is false - the original MBR has only been overwritten with the malicious one, and the original is save on a sector of the disk.

The researcher offers two possible ways to restore the original MBR. First, you should try entering the password aaaaaaciip or aaaaadabia (depending on the variant of the malware), and if that doesn't work, use Kaspersky's tool for disk rescue. In any case, don't visit the website mentioned in the message and pay the $100 to have your data back.


Most IT pros have seen potentially embarrassing information about their colleagues

More than three-quarters of IT professionals have seen and kept secret potentially embarrassing information about their colleagues, according to new research conducted by AlienVault.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th