Attackers can easily create dangerous file-encrypting malware, new threat suggests

A newly discovered ransomware threat runs as a batch file and uses the open-source GnuPG program for encryption

A new program that encrypts files to extort money from users highlights that attackers don't need advanced programming skills to create dangerous and effective ransomware threats, especially when strong encryption technology is freely available.

Researchers from antivirus vendor Symantec recently came across a ransomware program, Russian-language for now, whose core component is a simple batch file, that is, a command-line script file.

This development choice allows the attacker to easily control and update the malware, said Symantec researcher Kazumasa Itabashi in a blog post Thursday.

The batch file downloads a 1024-bit RSA public key from a server and imports it into GnuPG, a free encryption program that also runs from the command line. GnuPG, which is an open-source implementation of the OpenPGP encryption standard, is used to encrypt the victim's files with the downloaded key.

"If the user wants to decrypt the affected files, they need the private key, which the malware author owns," Itabashi said.

In public-key cryptography, which OpenPGP is based on, users generate a pair of associated keys, one that is made public and one that is kept private. Content encrypted with a public key can only be decrypted with its corresponding private key.

The new ransomware threat that Symantec calls Trojan.Ransomcrypt.L encrypts files with the following extensions: .xls, .xlsx, .doc, .docx, .pdf, .jpg, .cd, .jpeg, .1cd, .rar, .mdb and .zip. Victims are asked to pay a ransom of €150 (around US$200) to recover them.

What sets Trojan.Ransomcrypt.L apart is not its use of public-key cryptography for encryption -- other threats do the same -- but its simplicity and the fact that the author chose to use a legitimate and open-source encryption program instead of creating his own implementation, which malware authors often do.

There are some complex ransomware programs with advanced features that are developed with the primary goal of being sold to other cybercriminals who lack the skills to create their own.

However, Trojan.Ransomcrypt.L is proof that developing ransomware can be done for little cost and without advanced programming knowledge, which could lead to an increase in the number of such threats in the future.
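Because the threat described above relies on a legitimate tool driven from a script, its behaviour is visible in process-creation telemetry. The following detection logic is an added example, not code from the article or from Symantec: it flags a `cmd.exe` parent that imports a key into GnuPG and then encrypts several files with the extensions listed above. The event field names, the `gpg.exe`/`gpg2.exe` binary names, the file paths, the threshold and the sample events are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions the article lists as targeted by Trojan.Ransomcrypt.L.
TARGET_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".jpg",
               ".cd", ".jpeg", ".1cd", ".rar", ".mdb", ".zip"}
GPG_NAMES = {"gpg.exe", "gpg2.exe"}   # assumed binary names
ENCRYPT_FLAGS = {"-e", "--encrypt"}   # GnuPG encrypt options

def _name(path):
    return PureWindowsPath(path.strip('"')).name.lower()

def find_scripted_gpg_encryption(events, min_files=3):
    """Return PIDs of cmd.exe parents that imported a key into GnuPG and
    encrypted at least min_files distinct files of the targeted types."""
    imported, encrypted = set(), defaultdict(set)
    for ev in events:
        if _name(ev["image"]) not in GPG_NAMES or _name(ev["parent_image"]) != "cmd.exe":
            continue
        # Split on whitespace but keep quoted Windows paths together.
        args = [a.strip('"') for a in re.findall(r'"[^"]*"|\S+', ev["command_line"])][1:]
        flags = {a for a in args if a.startswith("-")}
        if "--import" in flags:
            imported.add(ev["parent_pid"])
        if flags & ENCRYPT_FLAGS:
            for a in args:
                if not a.startswith("-") and PureWindowsPath(a).suffix.lower() in TARGET_EXTS:
                    encrypted[ev["parent_pid"]].add(a.lower())
    return sorted(p for p in imported if len(encrypted[p]) >= min_files)

def _ev(ppid, parent, cmdline):  # hypothetical event shape
    return {"parent_pid": ppid, "parent_image": parent,
            "image": r"C:\Temp\gpg.exe", "command_line": cmdline}

CMD = r"C:\Windows\System32\cmd.exe"
# Constructed process-creation events, not taken from a real incident.
SAMPLE_EVENTS = [
    _ev(4120, CMD, r"gpg.exe --import C:\Temp\pub.key"),
    _ev(4120, CMD, r'gpg.exe -r KEYID -e "C:\Users\a\My Documents\budget.xlsx"'),
    _ev(4120, CMD, r"gpg.exe -r KEYID -e C:\Users\a\Pictures\scan.JPG"),
    _ev(4120, CMD, r"gpg.exe -r KEYID --encrypt C:\Users\a\base.1cd"),
    _ev(5300, CMD, r"gpg.exe -r KEYID -e C:\Users\b\notes.docx"),  # one manual use
    _ev(6000, r"C:\Windows\explorer.exe", r"gpg.exe --import C:\Users\b\friend.asc"),
]

if __name__ == "__main__":
    print(find_scripted_gpg_encryption(SAMPLE_EVENTS))
```

A single manual encryption or a key import started from a non-shell parent is not flagged; only the combination of key import and bulk encryption under one shell is.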
