A new piece of malware encrypts images, documents and other files stored on infected systems and advertises a demo version of a paid-for program that can recover them.
“We have detected this piece of ransomware in a software crack that has been sent to analysis by a customer,” said Loredana Botezatu, an e-threats analyst at antivirus firm BitDefender.
Ransomware is a term used to describe malicious applications that lock vital system functions or important documents and ask victims for money in order to restore them.
The new piece of ransomware found by BitDefender encrypts files and folders on the computer, except for those required by the OS to function properly. It then opens a Web page in the browser that offers a recovery tool for US$69.
The interesting aspect of this scheme is that the malware’s authors entice users with a demo version of the recovery tool that is capable of decrypting three files. “Cybercriminals seem to be fine-tuning marketing tactics as we head into the holiday season,” Botezatu said in a blog post.
Encrypting a large number of files with a strong encryption algorithm requires a significant amount of time. In order to speed up the infection process, the ransomware’s authors have decided to exclude files with certain extensions like .exe, .com, .bat, .dll, or .msi, and to use a fast, but unsophisticated, algorithm.
This threat is being constantly improved and has multiple variants, each using a slightly modified encryption, said the BitDefender analysts. The company plans to release a free tool capable of restoring files encrypted with versions known so far.
However, victims of other ransomware programs might not be so lucky. There were cases in the past when similar applications used uncrackable encryption algorithms and users were forced to make peace with the fact that their files were gone or to take their chances and pay the ransom. There’s never a guarantee that cybercriminals will provide a solution after receiving the money.
In order to avoid permanent loss, users should back up their important files regularly to a device that is not connected to their computers at all times. Many commercial security solutions include backup features and there are also free solutions available on the market.