TrendLabs Malware Blog - Trend Micro
    Ransomware is known for holding a victim’s files “hostage” (encrypted) while the criminal perpetrator asks the victim to pay a high sum of money (ransom) in exchange for a decryption key that can be used to retrieve the encrypted files.

    Just recently, Trend Micro Advanced Threats Researcher Ivan Macalintal reported that a new version of the GPcode ransomware has surfaced, which Trend Micro already detects through the Smart Protection Network as TROJ_RANDSOM.A.

    This new ransomware displays the following message upon execution:

    Figure 1. Fake error message upon malware execution

    It drops several files, which are also detected as TROJ_RANDSOM.A. It then searches for and encrypts files on any readable and writable drive on the system, rendering them inaccessible without the encryption key. It also renames the encrypted files by appending the .XNC extension.

    It also drops the file READ THIS.TXT in each folder that contains an encrypted file. This file informs the victim that the files have been encrypted, and that a decrypting tool must be purchased to decrypt the files. Email addresses are also included in the text file, which the victim must contact to obtain the decryption tool.
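The two on-disk indicators described above (the appended .XNC extension and a READ THIS.TXT note in each affected folder) are enough to scope damage during triage. The script below is an added example, not code from Trend Micro or from the original post; the function names and the sample directory tree are constructed for illustration, and it assumes the extension is simply appended to the original file name.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".xnc"       # extension the post says is appended to encrypted files
NOTE_NAME = "read this.txt"  # ransom note the post says is dropped in each folder

def triage(root):
    """Map each folder (relative to root) that shows either indicator to its findings."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for folder, _dirs, files in os.walk(root):
        rel = os.path.relpath(folder, root)
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                hits[rel]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                hits[rel]["encrypted"].append(name)
    return dict(hits)

def summarize(hits):
    """Total encrypted files, plus folders where only one indicator is present (review by hand)."""
    return {
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "note_without_files": sorted(f for f, h in hits.items() if h["note"] and not h["encrypted"]),
        "files_without_note": sorted(f for f, h in hits.items() if h["encrypted"] and not h["note"]),
    }

def original_name(encrypted_name):
    """File name before renaming, assuming the extension was only appended."""
    return encrypted_name[: -len(ENCRYPTED_EXT)]

def demo():
    """Build a constructed sample tree in a temporary directory and triage it."""
    layout = {
        "docs": ["report.doc.XNC", "READ THIS.TXT"],
        "pics": ["photo.jpg.xnc"],   # encrypted file, note missing
        "clean": ["notes.txt"],      # untouched folder
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for n in names:
                open(os.path.join(root, sub, n), "w").close()
        return summarize(triage(root))

if __name__ == "__main__":
    print(demo())
```

The resulting list of original file names is what gets checked against backups when planning a restore.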

    The perpetrator demands £200 (US$307) for the decryption service.

    In the past, we have seen ransomware strike fear through effective social engineering tactics. Some of the notable ransomware are the following:

    Users are strongly advised to back up their files so as not to be victimized by ransomware.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice