Using malware for extortion: striking, but not new!

There have been a number of recent reports of a new attempt to extort money from computer users. It’s done using a piece of malware which, once installed on the victim machine, encrypts the user’s data and drops a text file into each directory demanding $200 for a decryption key (the money to be wired to a specified Internet bank account).

Kaspersky Lab added detection for this code, which we detect as Virus.Win32.GPCode.b, on 20 May. And we added detection for similar code, Virus.Win32.GPCode.a, in December 2004. At the time, Yury posted a weblog entry about it. Not only do we detect the code, but we also decrypt the files.

Of course, this is not the first attempt to use malware to extort money. There have been other reports during the last two years of Trojans used by the criminal underground to try and extort money from large corporations by launching DDoS (Distributed Denial of Service) attacks.

And going even further back, in late 1989 the Aids Information Trojan was sent out on floppy disk by a company calling itself ‘PC Cyborg’. This Trojan encrypted the contents of the victim’s hard disk after 90 re-boots, leaving just a README file containing a bill and a PO Box address in Panama to which payment was to be sent. Dr Joseph Popp, the alleged author of the Trojan, was later extradited to the UK. However, he was deemed unfit to stand trial following his behaviour in court (although an Italian court later found him guilty in absentia).