We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

'Ransomware' comes to the UK

Student nurse targeted

A woman from Rochdale studying for her nursing degree is believed to be the first victim of 'ransomware' in the UK, after a Trojan encrypted files on her PC.

Arhiveus-A (also known as MayAlert), demands that victims make purchases from one of three online drug stores in return for the password to unlock files.

Anyone attempting to load one of a number of types of data files discovers that they have been zipped into an archive that throws up a message:

"Your computer caught our software while browsing illegal porn pages, all your documents, text files, databases in the folder My Documents was archived with long password."

The Trojan, having deleted itself in order to make its identity harder to detect, then announces: "Do not try to search for a program that encrypted your information – it simply does not exist in your hard disk any more."

Contrary to some reports, the technique is not new. In March an almost identical Trojan, dubbed Cryzip, struck one UK resident who contacted Techworld after being asked to pay $300 (about £160) to an e-gold account.

The encryption Trojan first reared its head in Spring 2005, when a piece of malware of Russian origin was discovered to be using the technique.

The Trojan differs from these examples only in its demands and its pass-phrase. Cryzip used a directory path while, according to security company Sophos, Arhiveus-A can be unlocked after applying the randomly generated string 'mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw'.

"Internet hackers are getting bolder in their attempts to steal money from innocent web users. Once your valuable data is locked away you may be tempted to pay up to rescue your files, but this will only encourage more blackmail attempts in the future," said Graham Cluley of Sophos.

A distinctive element of the encryption Trojan phenomenon is its small scale, deliberately setting out to target just a handful of victims. This helps it avoid publicity and therefore early detection. Cryzip and Arhiveus-A are very likely only the early stages of a new malware epidemic of small-time crookery.

This story first appeared on Techworld.com.

IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips for beginners: Complete Guide to OS X Yosemite