
Blackmail Trojan


oneeyedcarmen


Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jun 12, 2008 9:10 am

Blackmail Trojan

Evil geniuses came up with this one...bet they even have sharks with frickin' laser beams

From The Inquirer

Blackmailing Trojan encrypts hard-drive
Kaspersky Lab asks for help cracking it

By Nick Farrell: Wednesday, 11 June 2008, 8:06 AM


KASPERSKY Lab has asked the world, plus dog, to help it crack the key to a Trojan that encrypts your hard drive and then demands cash for the key.

Gpcode has been used in isolated "ransomware" attacks for the last two years. The latest version encrypts all .bak, .doc, .jpg and .pdf and deletes the originals. It then erases itself after leaving a message about where to buy a decryption tool.

Kaspersky said that the files the malware encoded cannot be decrypted because it uses a very strong, 1024-bit key.

The insecurity outfit estimates it would take around 15 million modern computers, running for about a year, to crack such a key.

The company has broken Gpcode's encryption keys in the past, but that was only because the malware's maker had made mistakes implementing the encryption algorithm. µ
Reluctant CISSP, Certified ASS

RoleReversal


Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Jun 12, 2008 10:02 am

Re: Blackmail Trojan

Seems like a variation on a theme; if you've got backups then you shouldn't have a problem (you do have backups, don't you?).

IMO this should be an easy one for authorities, follow the money.

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Thu Jun 12, 2008 8:31 pm

Re: Blackmail Trojan

Actually, depending on where the money is going, it can be hard to track. Well, I mean track to the final source. You transfer the money through a few sources and then end up in an unfriendly country and it amazingly disappears. I just hope most people will not be so naive as to assume that just sending money to buy this decryption tool will correct their problem.

g00d_4sh


Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Jun 13, 2008 3:44 pm

Re: Blackmail Trojan

Reminds me of a conference I was just at.... where they suggested using 'losing' of encryption keys for documents as a method for 'destroying' the documents as per a life-expiration thing. I chuckled at the idea, but this reminds me of it for some reason. Nonetheless, yeah, I have heard of this before.
"Bad.. Good?  I'm the guy with the gun"

divine

Newbie

Posts: 12

Joined: Mon Dec 11, 2006 5:11 pm

Location: Dallas

Post Fri Jun 20, 2008 5:03 pm

Re: Blackmail Trojan

It is not too hard to hide the trail of money these days... especially if you can move it through some particular foreign countries that make retrieving data VERY difficult. I am not going to get into detail because I don't want to give a tutorial on how to do this and get away clean but let's just say that foreign commodities are a great way to leave a dead end. Use your imagination from there...

My co-workers and I were actually called in on an investigation where this happened to an executive of a child company of ours. Lucky for us, this version of ransomware used rot13 and not a 1024-bit key, which would have sucked for us considering local IT had not implemented backups for their executives' laptops....

-Jordan
CEPT, CREA, C|EH, MCSE:Security (too many others that I don't care about to list)
