Micron
18-11-2006, 12:31 AM
Ransomware is new, and most of you haven't heard of it yet. But soon you will.
Ransomware is a type of malware that uses a weak (breakable) cryptosystem to encrypt the data belonging to an individual, demanding a ransom for its restoration. A cryptovirus, cryptotrojan or cryptoworm on the other hand employs a military-grade hybrid cryptosystem to take data hostage (the field known as cryptovirology predates the term "ransomware").
This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim. If the victim opens/executes the attachment, the program encrypts a number of files on the victim's computer. A ransom note is then left behind for the victim. The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the cracker will (supposedly) send the decryption key, enabling decryption of the "kidnapped" files. However, if the decryption key is in the file/program then it can be extracted and used without contacting the attacker. This is the case in any such malware that relies on symmetric cryptography alone.
There have been a few malware attacks in the past that have done this. The 1996 IEEE paper by Young and Yung reviews the malware that has done this, points out the fatal flaw which is the reliance on symmetric cryptography, and shows how to use public key cryptography to solve this problem (that the attacker faces).
A cryptovirus, cryptotrojan, or cryptoworm is defined as malware that contains and uses the public key of its author. In cryptoviral extortion, the public key is used to hybrid encrypt the data of the victim and only the private key (which is not in the malware) can be used to recover the data. This is one of a myriad of attacks in the field known as cryptovirology.
Since May 2005 malware extortion attacks (that encrypt or delete data) have been appearing in greater numbers. Examples include Gpcode (many variants: Gpcode.ac, Gpcode.ag, etc.), TROJ.RANSOM.A., Archiveus, Krotten, Cryzip, and MayArchive. It is said that Gpcode.ag utilizes a 660-bit RSA public modulus. Crackers appear to be either rediscovering cryptoviral extortion or, perhaps more likely, reading the cryptographic literature on the subject.
The article that follows is from the BBC Website.
A woman from Greater Manchester has become a victim of an internet scam in which hackers hijack computer files and blackmail owners to get them back.
Helen Barrow, a 40-year-old nurse from Rochdale, is believed to be one of the first victims of the con in the UK.
Criminals encrypt files with complex passwords, leaving a ransom note telling victims not to contact police.
Ms Barrow's note said that she would have to buy drugs from an online pharmacy to find out the password.
The new phenomenon, known as Ransomware, means victims cannot access any of the files stored in their My Documents folder.
Ms Barrow, from Littleborough, discovered her computer files had vanished and been replaced by one 30-digit password-protected folder.
She also found a new file named "instructions how to get your files back".
Ms Barrow contacted police and an IT expert who managed to recover some of her files, which included coursework for her nursing degree.
The senior sister said: "When I realised what had happened, I just felt sick to the core.
"I was in shock.
"It was a horrible feeling and I thought I was going to lose all of my work.
"I had lots of family photographs and personal letters on the computer and to think that other people could have been looking at them was awful."
A message had appeared on her computer screen telling her she had contracted an unnamed virus.
It is thought the message was part of the scam and she inadvertently downloaded it.
The virus is known as Archiveus and victims are told to buy pharmaceutical drugs from an internet chemist thought to be based in Russia.
A Greater Manchester Police spokesman said: "Our High Tech Crime Unit is aware of this new type of crime and incidents of this kind could increase in future."
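A defender-side heuristic, added here as an illustration and not part of the original post or any product: the Archiveus case above leaves a folder full of unreadable (password-protected, i.e. high-entropy) files plus a note named "instructions how to get your files back". The script below scores a directory snapshot on exactly those two signals. The folder contents, note-name hints and thresholds are all constructed assumptions for the demo.

```python
import hashlib
import math
from collections import Counter

# Constructed heuristic (assumption, not from the post): a folder is flagged
# when most of its files look encrypted (near 8 bits/byte of entropy) AND a
# ransom-note-like file name sits beside them.
NOTE_HINTS = ("how to get your files back", "instructions", "decrypt", "ransom")
ENTROPY_THRESHOLD = 7.5   # bits per byte; text and office documents sit far lower
RATIO_THRESHOLD = 0.6     # fraction of files that must look encrypted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_note(name: str) -> bool:
    """Name-based check for the ransom note left beside the encrypted files."""
    lower = name.lower()
    return any(hint in lower for hint in NOTE_HINTS)

def assess_folder(files: dict) -> dict:
    """files maps file name -> content bytes (a snapshot of one directory)."""
    notes = [n for n in files if looks_like_note(n)]
    payload = {n: b for n, b in files.items() if n not in notes}
    encrypted = [n for n, b in payload.items()
                 if shannon_entropy(b) >= ENTROPY_THRESHOLD]
    ratio = len(encrypted) / len(payload) if payload else 0.0
    return {
        "encrypted_ratio": round(ratio, 2),
        "ransom_notes": notes,
        "suspicious": ratio >= RATIO_THRESHOLD and bool(notes),
    }

def _opaque_blob(label: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for ciphertext: a deterministic SHA-256 chain."""
    return b"".join(hashlib.sha256(label + bytes([i])).digest() for i in range(blocks))

# Constructed snapshots: a healthy My Documents folder and one after the attack.
CLEAN = {
    "coursework.txt": b"Nursing coursework draft, chapter one. " * 40,
    "letter.txt": b"Dear Aunt May, thank you for the photographs. " * 30,
}
HIT = {
    "coursework.txt": _opaque_blob(b"coursework"),
    "letter.txt": _opaque_blob(b"letter"),
    "instructions how to get your files back.txt": b"Buy from the pharmacy to get the password.",
}

if __name__ == "__main__":
    for name, snapshot in (("clean", CLEAN), ("hit", HIT)):
        print(name, assess_folder(snapshot))
```

Entropy alone misfires on legitimately compressed or encrypted files (archives, images), which is why the note-name signal is required as well.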