08-01-2014 12:21 PM
Security companies have come across a new piece of ransomware that's designed to encrypt files on infected computers. What's interesting about this threat is that it's easy to update and it uses open source software to encrypt files.
Both Symantec and Trend Micro have analyzed the malware, which they've dubbed Trojan.Ransomcrypt.L and BAT_CRYPTOR.A, respectively. Once it infects a computer, the crypto ransomware uses GNU Privacy Guard (GnuPG), an open source implementation of the OpenPGP standard, to encrypt files and hold them for ransom.
The main component of Ransomcrypt is a batch file that enables the attackers to easily update the malware and control its behavior, Symantec said.
"The threat downloads the 1024-bit RSA public key and imports this key through an option in GnuPG. The malware then encrypts the victims’ files by using GnuPG’s Encrypt Files option with the public key. If the user wants to decrypt the affected files, they need the private key, which the malware author owns. It’s difficult for victims to decrypt the encrypted files without this private key," Symantec's Kazumasa Itabashi wrote in a blog post.