New ransomware threat appears

By Steve Malone

Posted on 2 May 2006 at 10:52

A new type of ransomware is making the rounds. According to security firm Sophos, the Trojan - dubbed Troj/Ransom-A - threatens to delete one file from an infected computer every 30 minutes until the $10.99 ransom is paid via the Western Union money transfer service.

The malware activates itself and warns that it has hidden itself away and is undetectable unless a CIDN number is entered in the computer. Once entered, the Trojan promises to remove itself. If the malware refuses to go peacefully, the hacker helpfully gives a Yahoo! email address for anyone wanting technical support on how to remove the files.

The program also disables the Ctrl-Alt-Del key combination to prevent anyone trying to close the Trojan before it deletes files.

So-called ransomware is becoming a worrying trend in the development of viruses and other threats. For some time business have been subject to blackmail threats from criminal gangs threatening denial of service attacks against larger web sites. Now it seems that hackers are targeting individual users.

In March this year, Sophos warned of the Zippo Trojan that encrypted a victim's files which could not be unlocked unless a ransom of $300 was paid.

'This Trojan horse is designed to take your data hostage, and tries to scare users into paying up quickly by threatening to wipe files one-by-one,' commented Graham Cluley, senior technology consultant for Sophos. 'Our concern is that this may be the beginning of a growing trend of malware designed to extort money from innocent users.'