Ransomware
Thread Starter
Joined: Apr 2002
Posts: 117
Likes: 0
From: lots of different places....
Ransomware
I just read this on the BBC news website...
http://news.bbc.co.uk/2/hi/uk_news/e...er/5034384.stm
It's quite a scary thought, but what could you do about it? does spybot adaware detect this sort of thing and stop it even getting to the machine? Though it seems like someone just gets access to the machine and puts a password on that folder, a complete pain in the royal.
Other than backing up frequently and stop using the directory "My documents" how would anyone suggest that we protect against this?
It doesn't say how it happened to her, maybe opened an email attachment? any educated guesses?
http://news.bbc.co.uk/2/hi/uk_news/e...er/5034384.stm
It's quite a scary thought, but what could you do about it? does spybot adaware detect this sort of thing and stop it even getting to the machine? Though it seems like someone just gets access to the machine and puts a password on that folder, a complete pain in the royal.
Other than backing up frequently and stop using the directory "My documents" how would anyone suggest that we protect against this?
It doesn't say how it happened to her, maybe opened an email attachment? any educated guesses?
Joined: Mar 2006
Posts: 113
Likes: 0
From: Finland - East of Sweden
As always, make sure your OS patches are installed and invest in a decent antivir package.
Actually, it seems the file ownership is reversible if you know the virus code, at least in some cases:
http://www.f-secure.com/v-descs/mayarchive_b.shtml
It appears the trojan is a rather rudimentary one, but it seems to be somewhat effective nevertheless.
Actually, it seems the file ownership is reversible if you know the virus code, at least in some cases:
http://www.f-secure.com/v-descs/mayarchive_b.shtml
It appears the trojan is a rather rudimentary one, but it seems to be somewhat effective nevertheless.
Last edited by DBTL; 31st May 2006 at 19:04.
Joined: Apr 2003
Posts: 2,292
Likes: 56
From: Lincolnshire
http://news.bbc.co.uk/1/hi/technology/5038330.stm
Analysis of Archiveus has revealed that the password to unlock the file containing all the hijacked files is contained within the code of the virus itself.
The 30-digit password locking the files is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw". Using the password should restore all the hijacked files.
Now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it.
The 30-digit password locking the files is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw". Using the password should restore all the hijacked files.
Now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it.
Joined: Mar 2006
Posts: 113
Likes: 0
From: Finland - East of Sweden
So there's now a later development from the 1st version whose password was just plaintext in the code. Since the original trojan was written in Visual Basic and left uncompressed, adding new "features" is relatively easy.
