Ransomware Appears Targeting Windows

By Brian Prince  |  Posted 2010-11-30 Print this article Print

Security researchers are reporting the appearance of ransomware kidnapping PCs.

What appear to be two separate campaigns have emerged. The first, discussed here by Sophos by Nov. 26, was observed using a drive-by attack to infect computers via malicious PDFs. Once installed, the malware encrypts media and Microsoft Office files on a victim's computer. The endgame - get the victim to cough up $120 in exchange for getting the ability to access their data back.

Meanwhile, researchers at CA Technologies are tracking Seftad, another piece of ransomware targeting PCs. Seftad tells victims their hard drives have been encrypted, and should they try to recover the result will be data loss. The drive isn't actually encrypted, however; instead, the malware rewrites the original master boot record with its own.

In this scam, the amount the attackers want varies, ranging from $100 (USD) to 1,000 Kroners (DKK), according to CA.

"This ransomware infection is an expensive one considering the amount of payment demanded by the creators of this threat," blogged Zarestel Ferrer, senior research engineer with CA's Internet Security Business Unit.

"Please avoid opening unsolicited e-mails and even more, executing e-mail attachments coming from unknown sources," he added.

del.icio.us | digg.com

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel