A new Ransomware that started circulating since the
first week of May is getting wider in proliferation
with more reports of its infections coming in from
various sources. Security Experts at
MicroWorld Technologies inform that the malware
named as ‘Trojan.Win32.MayArchive.a’, directs
users to buy pharmaceuticals worth $75 from a Russian
website at virtual gunpoint.
Ransomware is often a Trojan that steals files, encrypts
them and then asks for a ransom in return of a password
that lets you regain access to those files. MayArchive
is a bit different in that sense as it does not encrypt
files but strings them together and archives them
in a file by the name ‘EncryptedFiles.als’.
Then it deletes all the original files and creates
a text file in the same folder by name “INSTRUCTIONS
HOW TO GET YOUR FILES BACK”.
It reads,
“Do not try to search for a program that encrypted
your information – it simply does not exist in
your hard disk anymore. Reporting to police about
a case will not help you, they do not know the password.
Reporting somewhere about our email account will not
help you to restore files. Moreover, you and other
people will lose contact with us, and consequently,
all the encrypted information.”
As the only way to get your files back, it directs
you to spurious online drug stores and tells you to
buy from a few medicines listed over there. As soon
as your order is verified, it guarantees to send you
the password to unlock the files.
“Our products eScan
and MailScan
have been updated with the cure for this Trojan since
May 9, 2006 and users updating the software regularly
have no reasons to worry,” says Sulabh Mahant,
Security Analyst, MicroWorld
Technologies. “MicroWorld had reported about
‘Win32.Zippo.10’
in the month of March, which asked for a $300 direct
transaction into an E-Gold account in return of the
hijacked files! Definitely, Ransomware is on the rise
and they are trying different technologies and modes
of transaction.”
In the wake of these emerging Ransomwares and the
increasing media attention that they are attracting,
there’s another breed trying to make the most
of it by cashing in on the general ignorance of users.
A recently found malware termed as Ransom.A, would
scare the infected user with a full screen message
every time he logs on. The coercing message tells
the user that one file per 30 minutes will be deleted
from the hard drive and the files will be restored
when user pays up $10.99 via Western Union. The fact
is that the Trojan is just a pretentious bully and
doesn’t to do what it claims!
Experts at MicroWorld have been closely monitoring
the metamorphosis of Ransomware and how it could play
out in the future. Govind Rammurthy, CEO, MicroWorld
Technologies, observes “Ransomware is in
its fledgling stages and has still not grown to a
level where it can become a large scale threat. But
what’s worrying is the fact that this breed is
fast advancing in technology and can be used in enterprise
level information hijack and extortion. Its newfound
connection with international Drug Syndicate, emerging
with ‘MayArchive’, is another cause of concern
as well.”
MicroWorld
MicroWorld (www.mwti.net
) is the developer of the world's first Real-Time
Anti-Virus and Content Security software eScan
for desktops and servers. Its communication security
software,
MailScan is the first comprehensive e-mail
scanner for your SMTP/POP3 Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology
underlying these products, powering them to several
certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin,
Checkmark, TUCOWS, Red Hat Ready, and Novell Ready.
Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive
security for your systems. For network security of
enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.
