A new program that encrypts files to extort money from users highlights that attackers dont need advanced programming skills to create dangerous and effective ransomware threats, especially when strong encryption technology is freely available. <\/p>\n
Researchers from antivirus vendor Symantec recently came across a Russian-languagefor nowransomware program of which the core component is a simple batch filea command-line script file. <\/p>\n
This development choice allows the attacker to easily control and update the malware, said Symantec researcher Kazumasa Itabashi in a blog post Thursday. The batch file downloads a 1024-bit RSA public key from a server and imports it into GnuPG, a free encryption program that also runs from the command line. GnuPG, which is an open-source implementation of the OpenPGP encryption standard, is used to encrypt the victims files with the downloaded key. If the user wants to decrypt the affected files, they need the private key, which the malware author owns, Itabashi said. In public-key cryptography, which OpenPGP is based on, users generate a pair of associated keys, one that is made public and one that is kept private. Content encrypted with a public key can only be decrypted with its corresponding private key. The new ransomware threat that Symantec calls Trojan.Ransomcrypt.L encrypts files with the following extensions: .xls, .xlsx, .doc, .docx, .pdf, .jpg, .cd, .jpeg, .1cd, .rar, .mdb and .zip. Victims are asked to pay a ransom of 150 (around US$200) to recover them. What sets Trojan.Ransomcrypt.L apart is not its use of public-key cryptography for encryptionother threats do the samebut its simplicity and the fact that the author chose to use a legitimate and open-source encryption program instead of creating his own implementation, which malware authors often do. There are some complex ransomware programs with advanced features that are developed with the primary goal of being sold to other cybercriminals who lack the skills to create their own. <\/p>\n
However, Trojan.Ransomcrypt.L is proof that developing ransomware can be done for little cost and without advanced programming knowledge, which could lead to an increase in the number of such threats in the future. <\/p>\n
Lucian Constantin writes about information security, privacy and data protection. More by Lucian Constantin <\/p>\n
<\/p>\n