Incidents

Using malware for extortion: striking, but not new!

There have been a number of recent reports of a new attempt to extort money from computer users. It’s done using a piece of malware which, once installed on the victim machine, encrypts the user’s data and drops a text file into each directory demanding $200 for a decryption key (the money to be wired to a specified Internet bank account).

Kaspersky Lab added detection for this code, which we detect as Virus.Win32.GPCode.b, on 20 May. And we added detection for similar code, Virus.Win32.GPCode.a, in December 2004. At the time, Yury posted a weblog entry about it. Not only do we detect the code, but we also decrypt the files.

Of course, this is not the first attempt to use malware to extort money. There have been other reports during the last two years of Trojans used by the criminal underground to try and extort money from large corporations by launching DDoS (Distributed Denial of Service) attacks.

And going even further back, in late 1989 the Aids Information Trojan was sent out on floppy disk by a company calling itself ‘PC Cyborg’. This Trojan encrypted the contents of the victim’s hard disk after 90 re-boots, leaving just a README file containing a bill and a PO Box address in Panama to which payment was to be sent. Dr Joseph Popp, the alleged author of the Trojan, was later extradited to the UK. However, he was deemed unfit to stand trial following his behaviour in court (although an Italian court later found him guilty in absentia).

Using malware for extortion: striking, but not new!

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reports

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.