TrendLabs has received reports of a malware strain, which encrypts all files ending with the following extensions:
Then it drops a ransom note named README_ASAP.TXT:
Thank you for using our service.
We’ve recently inspected your system and found out many critical security holes.
It’s not a joke, and it bring out clearly that we were able to crypt all of your text files, documents, archives and data files.
For your security we did it before than someone else: hacker, virus or just stupid vandal.
In world, hijackers are hunting for your bank account, credit card information, or something valuable.
Now, even if they’ll hack your computer they steal nothing, because all of your important files are now crypted and secured. There is no technology or scientific method to crack this kind of encrypting in near future Unfortunatelly as like other job, our services cost money. Just only 150$ US dollars. It is worth much less than if you loose all your files.
We accept only Western Union, and we garantee that your’ll receive decrypting program with detailed manual in less than hour after we’d received your payment.
If you need your information back, just send an email to:
and we’ll send you further instructions in 5 minutes.
Do not worry, you’ll get all back in hour after we get Western Union Transfer details. ONLY IN ONE HOUR!!!
We are sorry for your inconvenience, but better we and less, than somebody and more.
Q. I didn’t order your service and dont want to pay! I’ll go to police!
A. It’s up to you. If you belive they do it better, then do it.
Q. I am poor studentbankrupthousewife. I dont have money.
A. It’a sad to hear.
Q. I’ve sent an email to you for a discount.
A. Sorry, but we can’t answer to all our correspondents due to high load.
Q. I need my information ASAP!
A. Dont worry! You will get it in one hour after we receive your MTSN. (western union control number)
Q. How i can trust you? Maybe you’ll rip me?
A. We understand if you send money for our work-your info important for you.And we don’t want make your life worse.You’ll certanly get the Decription Program.
Network Security Audit Plus
This routine is similar to the TSPY_KOLLAH.F attack reported last month, where various file formats were held “hostage” by encryption using the RSA-4096 algorithm method. Similarly, the earlier attack left a READ_ME.TXT file informing users that a certain software must be purchased to revert the encrypted files to their un-encrypted form. However, interesting to note is that this attack offers a cheaper price for its decryption software (for $150) than last month’s $300.
Ransomware has been defined as malware used for an extortion crime. Such malicious routines are nothing new as cases have been reported as early as 2005. However, they have remained low-key until now, indicating that ransomware may be on the rise.
In this regard, TrendLabs strongly advocates making back-up copies of your files, in case they get infected, deleted, stolen — or in this case, ransomed.