AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Data Encryption Ransomware Making The Rounds, Asking for $120

Graham Cluley at Sophos has sounded the alert on malware that partially encrypts your files and demands a ransom for your data's release. It is another demonstration, although an unpalatable one, that data encryption software like AlertBoot is extremely effective at protecting data.

Encrypts Media and (Microsoft) Office Files

The malware apparently spreads via "malicious" PDFs, which I assume are PDFs that have had their vulnerabilities exploited to spread around the ransomware. After the malware installs itself on your computer, it will encrypt the following types of files and request $120 for decrypting them:

.jpg, .jpeg, .psd, .cdr, .dwg, .max, .mov, .m2v, .3gp, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .rar, .zip, .mdb, .mp3, .cer, .p12, .pfx, .kwm, .pwm, .txt, .pdf, .avi, .flv, .lnk, .bmp, .1cd, .md, .mdf, .dbf, .mdb, .odt, .vob, .ifo, .mpeg, .mpg, .doc, .docx, .xls, and .xlsx.

Cluley notes that the easiest way to ID infected files is to take a look at their extension: if the file name is file_name.ENCODED, then you've got a problem on your hands.
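The extension check Cluley describes can be scripted to scope the damage on a drive or file share. The following is an added example, not code from this post or from Sophos: it lists files carrying the .ENCODED marker and the files of a targeted type that do not carry it yet. The names `triage` and `demo`, the case-insensitive match on the marker, and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions the post lists as targeted (its repeated entries collapsed).
TARGETED = set("""
.jpg .jpeg .psd .cdr .dwg .max .mov .m2v .3gp .doc .docx .xls .xlsx .ppt .pptx
.rar .zip .mdb .mp3 .cer .p12 .pfx .kwm .pwm .txt .pdf .avi .flv .lnk .bmp .1cd
.md .mdf .dbf .odt .vob .ifo .mpeg .mpg
""".split())
MARKER = ".encoded"  # the post's indicator, file_name.ENCODED (case-insensitive: assumption)


def triage(root):
    """Return (renamed, untouched, per_dir) for the tree under root.

    renamed   - files carrying the .ENCODED marker
    untouched - files of a targeted type that do not carry it
    per_dir   - count of renamed files per directory, to show where damage clusters
    """
    renamed, untouched, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if ext == MARKER:
                renamed.append(rel)
                per_dir[os.path.relpath(dirpath, root)] += 1
            elif ext in TARGETED:
                untouched.append(rel)
    return sorted(renamed), sorted(untouched), per_dir


def demo():
    """Run triage over a constructed sample tree (empty files, names only)."""
    sample = ["docs/report.doc.ENCODED", "docs/budget.xls.encoded",
              "docs/notes.txt", "pics/cat.jpg", "pics/readme.ini"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return triage(root)


if __name__ == "__main__":
    renamed, untouched, per_dir = demo()
    print("renamed:", renamed)
    print("untouched targeted files:", untouched)
    print("by directory:", dict(per_dir))
```

The untouched list is the set worth backing up or isolating first, since those file types are the ones the post says the malware goes after.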

Files are not encrypted in their entirety; however, partial encryption of a file is enough to render it useless since the file won't open.

An interesting aspect of the ransomware is that it warns you NOT to alert anyone about the fact that your files are encrypted. Plus, it lets you, the victim, know that there is a limited amount of time to send in the $120 before files are deleted (in all likelihood, what they mean is that after X days, they won't send the decryption key).

It looks like this latest ransomware is not scareware--i.e., the files are actually encrypted, so there is some bite behind the bark.

Attacks like this one are not new.  I had covered a similar wave of ransomware making the rounds over a year ago.

Encryption Software is That Good

At preventing people from accessing data, that is, assuming they don't have the right access codes for it.

Time will tell whether this latest threat is a "real" one.  If I recollect correctly, the earlier ransomware actually had mistakes in its coding that allowed it to be reversed without paying anything to anyone.


Related Articles and Sites:
http://nakedsecurity.sophos.com/2010/11/26/drive-by-ransomware-attack-demands-120
http://infoworld.com/t/malware/ransomware-returns-if-you-ever-want-see-your-data-again-449

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.