Once installed on a victim’s computer, the Trojan will generally encrypt the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.
The ever-creative cyber-criminal community has now gone one better, with the release of Trojan.Ransompage. This piece of malware is designed to kidnap the victim’s Internet browser, including Internet Explorer, Firefox and Opera.
Note: The latest update of Firefox is apparently unaffected. Another good reason to update.
According to Symantec, Trojan.Ransompage “uses scare or nuisance tactics – similar to rogue antivirus programs, in an attempt to demand ransom from its victims. Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits”.
Roughly translated from Russian, the ransom demand reads in part:
To remove the informer, send SMS message with text [5-digit number] to number [4-digit number].
Enter the code, received in response, MC
Affected Systems: Windows 95, 98, NT, 2000, XP, Vista, Server 2003
Deletes Files: Deletes Web Browser files.
Modifies Files: Modifies Web Browser files.
Releases Confidential Info: May send confidential information to a remote location.
Degrades Performance: Displayed image may degrade Web Browser performance.
Action you can take if infected:
According to Symantec, “the ransomware is designed to expire in 30 days, so anyone who falls victim to the infection can remove it simply by setting their system clock forward one month”.
Common sense security precautions:
Make regular backups of critical data. If you are infected, this may be your only solution.
Don’t store critical data on the system partition
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable scripting features in email programs
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure your anti-virus software scans all e-mail attachments
The authorities need to kick some ass here, and determine who owns the contact phone number and close it down. How hard is that?