We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

'Ransomware' comes to the UK

Student nurse targeted

A woman from Rochdale studying for her nursing degree is believed to be the first victim of 'ransomware' in the UK, after a Trojan encrypted files on her PC.

Arhiveus-A (also known as MayAlert), demands that victims make purchases from one of three online drug stores in return for the password to unlock files.

Anyone attempting to load one of a number of types of data files discovers that they have been zipped into an archive that throws up a message:

"Your computer caught our software while browsing illegal porn pages, all your documents, text files, databases in the folder My Documents was archived with long password."

The Trojan, having deleted itself in order to make its identity harder to detect, then announces: "Do not try to search for a program that encrypted your information – it simply does not exist in your hard disk any more."

Contrary to some reports, the technique is not new. In March an almost identical Trojan, dubbed Cryzip, struck one UK resident who contacted Techworld after being asked to pay $300 (about £160) to an e-gold account.

The encryption Trojan first reared its head in Spring 2005, when a piece of malware of Russian origin was discovered to be using the technique.

The Trojan differs from these examples only in its demands and its pass-phrase. Cryzip used a directory path while, according to security company Sophos, Arhiveus-A can be unlocked after applying the randomly generated string 'mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw'.

"Internet hackers are getting bolder in their attempts to steal money from innocent web users. Once your valuable data is locked away you may be tempted to pay up to rescue your files, but this will only encourage more blackmail attempts in the future," said Graham Cluley of Sophos.

A distinctive element of the encryption Trojan phenomenon is its small scale, deliberately setting out to target just a handful of victims. This helps it avoid publicity and therefore early detection. Cryzip and Arhiveus-A are very likely only the early stages of a new malware epidemic of small-time crookery.

This story first appeared on Techworld.com.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Apple's 2014 highlights: the most significant Apple news of 2014

IDG UK Sites

2015 creative trends: 20 leading designers & artists reveal the biggest influences & changes coming)......

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad