You’ve heard about Trojans concatenating files or encrypting them using regular methods to create a hostage situation, then demanding a ransom to free the stolen data.
This new Ransomware spreading far and wide in Russia, named GpCode.af, goes a step further and employs a 330-bit RSA encryption algorithm to wreak havoc on infected users! Security experts at MicroWorld Technologies report that GpCode.af spreads primarily via spammed emails written in Russian, hence the infection is by and large confined to the former communist nation so far.
The mail, which poses as coming from a UK marketing firm trying to set up shops in various cities of Russia, asks users to download an MS Word file to complete a job application process. Now, a job offer is an irresistible deal for many in a nation where the economy is limping and jobs are shrinking. For sure, the smart Social Engineering ploy from the malware writer has hit the bull’s eye, as is apparent from its large-scale proliferation.
The attachment contains a ‘Trojan Downloader’. Once inside the user’s computer, it logs on to a malicious website and brings in GpCode.af. The Ransomware goes ahead and encrypts a large variety of files with extensions made up of permutations and combinations of three or four letters of the English alphabet, including doc, xls, pdf, zip, rtf, html and many more. After completing the high-end RSA encryption, the attacker leaves a message in a file, readme.txt, and demands that users pay up for the decryption code in true gangster style. Victims are given an email address to contact to find out the mode of payment.
“There are three important aspects to be noted in the case of GpCode.af,” points out Govind Rammurthy, CEO, MicroWorld Technologies. “First, the smart Social Engineering with emails offering employment opportunities. Second, its two-tier infection method with the use of spam and Trojan-Downloader. Third, the use of sophisticated RSA technology in data encryption and hijack. When you talk about malware evolution, they are evolving in code, supporting technology, extortion techniques, modes of proliferation and psychological ploys. It’s definitely a wholesome deal.”
Last week, MicroWorld reported on the MayArchive Trojan, which strings files together, archives them and directs victims to buy spurious online drugs worth $75 for the access password.
“MicroWorld believes in Proactive Security for information systems. You can see that a small piece of malware coming in through an otherwise harmless Word file quickly grows in threat levels and hijacks priceless information stored in your computer. This incident once again goes to prove that preventing every intrusion, big or small, holds the key to comprehensive Data Security,” says Govind Rammurthy.
MicroWorld (www.mwti.net) is the developer of the world’s first Real-Time Anti-Virus and Content Security software, eScan, for desktops and servers. Its communication security software, MailScan, is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.