A woman from Rochdale studying for her nursing degree is believed to be the first victim of 'ransomware' in the UK, after a Trojan encrypted files on her PC.
Arhiveus-A (also known as MayAlert) demands that victims make purchases from one of three online drug stores in return for the password to unlock files.
Anyone attempting to load one of a number of types of data files discovers that they have been zipped into an archive that throws up a message:
"Your computer caught our software while browsing illegal porn pages, all your documents, text files, databases in the folder My Documents was archived with long password."
The Trojan, having deleted itself in order to make its identity harder to detect, then announces: "Do not try to search for a program that encrypted your information – it simply does not exist in your hard disk any more."
Contrary to some reports, the technique is not new. In March an almost identical Trojan, dubbed Cryzip, struck one UK resident who contacted Techworld after being asked to pay $300 (about £160) to an e-gold account.
The encryption Trojan first reared its head in spring 2005, when a piece of malware of Russian origin was discovered to be using the technique.
Arhiveus-A differs from these earlier examples only in its demands and its pass-phrase. Cryzip used a directory path as its pass-phrase while, according to security company Sophos, files locked by Arhiveus-A can be unlocked with the randomly generated string 'mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw'.
"Internet hackers are getting bolder in their attempts to steal money from innocent web users. Once your valuable data is locked away you may be tempted to pay up to rescue your files, but this will only encourage more blackmail attempts in the future," said Graham Cluley of Sophos.
A distinctive element of the encryption Trojan phenomenon is its small scale: each one deliberately sets out to target just a handful of victims. This helps it avoid publicity and therefore early detection. Cryzip and Arhiveus-A are very likely only the early stages of a new malware epidemic of small-time crookery.
This story first appeared on Techworld.com.