
Virus holds data hostage and demands ransom

Un-encrypting files costs £35

Cybercriminals are using fake security software that holds a web user's data for ransom, say security researchers.

While so-called 'scareware' has plagued computer users for months, those campaigns have relied on phony antivirus products that pretend to trap malware, but actually only exist to pester people into forking out as much as $50 (£35) to stop the bogus warnings.

The new scam takes a different tack: it uses a Trojan horse that's seeded by tricking users into running a file that poses as something legitimate, like a software update. Once on the victim's PC, the Trojan encrypts a wide variety of document types - anything from .doc files to Adobe Reader .pdf documents - any time one is opened. It also scrambles the files in Windows' 'My Documents' folder.

When a user tries to open one of the encrypted files, an alert pops up saying that a utility called FileFix Pro 2009 will unscramble the data. The message poses as a semi-official notice from the operating system: "Windows detected that some of your MS Office and media files are corrupted. Click here to download and install recommended file repair application," the message reads.

Clicking on the alert downloads and installs FileFix Pro, but the utility is anything but legit. It will decrypt only one of the corrupted files for free, then demands the user purchase the software. Price? $50 (£35).

"This does look like a new tactic," said David Perry, the global director of education for antivirus vendor Trend Micro. "But all online fraud is just minor variations of classic con games. This is just played out on the internet."

On the web, data hostage scams are called 'ransomware', for obvious reasons. This isn't the first time the tactic's been used, but it is remarkably polished, said Perry.

"We've not seen 'ransomware' with this level of sophistication," he said.

Users who have fallen for the FileFix Pro 2009 con do not have to fork over cash to restore their files, according to other researchers, who have figured out how to decrypt the data.

The Bleeping Computer site, for instance, has a free program called 'Anti FileFix' available for download that unscrambles files corrupted by the Trojan. And security company FireEye has created a free online decrypter that also returns files to their original condition.

Alex Lanstein, a malware researcher at FireEye, called the turn from scareware to ransomware "sobering."

"Although we broke the encryption, it's a sobering realisation of the state of malware that it is now actively extorting users by holding their data ransom," Lanstein said.

"Despite this version of FileFix being trivial to crack, it does not bode well for the future of Internet malware."

