The so-called "ransomware" Trojan was discovered Saturday by the security firm LURHQ, which said it was based on a similar scheme perpetrated 15 years ago.
Users whose computers are infected receive an e-mail stating that their files have been encrypted and will not be unlocked unless they transfer 300 dollars to a special account.
In poorly written English, the message said, "Do not try to search for a program what encrypted your information -- it simply do not exists in your hard disk anymore. If you really care about documents and information in encrypted files, you can pay using electronic currency 300 dollars. Reporting to police about a case will not help you."
LURHQ said it was not clear how the Trojan was spread, but experts said it could be through infected e-mails or from visiting certain websites.
"Infection reports are not widespread, so it is not believed this is a mass threat by any means," LURHQ said.
"Malware of this nature is actually more successful when it is delivered in low volumes, as it is less likely that anti-virus vendors will have detection for it, and more attention means the likely closing of the accounts used for the anonymous money transfer."
The Trojan "is bold as brass, scooping up your valuable data and locking it away until you agree to pay the ransom to the criminals who have 'kidnapped' your files." said Graham Cluley, senior technology consultant for the security firm Sophos.
"Companies who have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash."
However Sophos and LURHQ discovered the password -- C:/Program Files/Microsoft Visual Studio/VC98 -- a code disguised as a file.
"So there should be no need for anyone unfortunate enough to have suffered from this ransomware attack to have to pay the reward to the criminals behind it," Cluley said.
Sign In
Create Account
