Menu
Attackers can easily create dangerous file-encrypting malware, new threat suggests

Attackers can easily create dangerous file-encrypting malware, new threat suggests

A newly discovered ransomware threat runs as a batch file and uses the open-source GnuPG program for encryption

A new program that encrypts files to extort money from users highlights that attackers don't need advanced programming skills to create dangerous and effective ransomware threats, especially when strong encryption technology is freely available.

Researchers from antivirus vendor Symantec recently came across a Russian-language -- for now -- ransomware program of which the core component is a simple batch file -- a command-line script file.

This development choice allows the attacker to easily control and update the malware, said Symantec researcher Kazumasa Itabashi in a blog post Thursday. The batch file downloads a 1024-bit RSA public key from a server and imports it into GnuPG, a free encryption program that also runs from the command line. GnuPG, which is an open-source implementation of the OpenPGP encryption standard, is used to encrypt the victim's files with the downloaded key. "If the user wants to decrypt the affected files, they need the private key, which the malware author owns," Itabashi said. In public-key cryptography, which OpenPGP is based on, users generate a pair of associated keys, one that is made public and one that is kept private. Content encrypted with a public key can only be decrypted with its corresponding private key. The new ransomware threat that Symantec calls Trojan.Ransomcrypt.L encrypts files with the following extensions: .xls, .xlsx, .doc, .docx, .pdf, .jpg, .cd, .jpeg, .1cd, .rar, .mdb and .zip. Victims are asked to pay a ransom of €150 (around US$200) to recover them. What sets Trojan.Ransomcrypt.L apart is not its use of public-key cryptography for encryption -- other threats do the same -- but its simplicity and the fact that the author chose to use a legitimate and open-source encryption program instead of creating his own implementation, which malware authors often do. There are some complex ransomware programs with advanced features that are developed with the primary goal of being sold to other cybercriminals who lack the skills to create their own.

However, Trojan.Ransomcrypt.L is proof that developing ransomware can be done for little cost and without advanced programming knowledge, which could lead to an increase in the number of such threats in the future.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags symantecsecurityDesktop securityencryptionmalware

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments