Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A new ransomware variant encrypts files on a computer but uses a novel twist on monetising the extortion threat, according to researchers at Symantec. Instead of demanding money directly for decryption keys, as has been the case in other instances, it presumes that the owner of an infected computer will search for information to help unlock the files. The search typically leads to a fraudulent company offering a fix but requiring a payment to obtain it.The malware was found by Shunichi Imano, an engineer with Symantec Security Response. In a blog post last week, he said that the malicious software, called Trojan.Ramvicrype, uses the RC4 algorithm to encrypt files on compromised computers, rendering them unusable.Once on a victim's machine, the trojan encrypts files in recently-opened locations, Imano said.“One of the worst-case scenarios occurs when a file in the Windows system folder has recently been opened,” he said. “This leads to a situation in which the threat encrypts all files in the Windows system folder, the computer is critically damaged and the user is unlikely to be able to access the internet to search for the fix.”Ransomware typically display a message demanding users pay online criminals in exchange for keys that can be used to unlock a computer or decrypt any encrypted files. One case last year involved malicious ads that were able to evade detection scans run by websites or third-party ad networks.To help prevent infections such as these, Symantec recommends that users take standard precautions, such as using complex passwords, ensuring that programs use the lowest level of privileges necessary, disabling file-sharing if not needed, keeping patches up-to-date, and isolating compromised computers quickly to prevent threats from spreading.Symantec has posted a fix for the Trojan.Ramvicrype infection here.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.