How much is your data worth? A great deal, perhaps, for most of us. Naturally, cybercriminals keep coming up with new ways to exploit this. The new attack? Taking a page from offline criminal syndicates, attackers are now holding your data for ransom – literally.
This latest bit of malware, detected by Trend Micro as TROJ_FAKEALE.BG, is yet another variant of the notorious fake antivirus malware that has been all the rage in recent months. It arrives as a utility that claims to have found corrupted files on the affected system. To recover the files, you need to download the paid version of the program – which will then proceed to recover said files.
The Trojan uses the following interface:
Figure 1. TROJ_FAKEALE.BG interface.
In reality, however, it was the malware itself that encrypted the files it reports as corrupted. In this case, everything in the user’s My Documents folder is encrypted, preventing users from accessing the folder’s contents. The paid version of the program fixes the problem that the malware created, but only after the user has been forced to part with his money – a whopping $50.