PresseBox
Press release BoxID: 119410 (MicroWorld Technologies GmbH)
  • MicroWorld Technologies GmbH
  • Drosselweg 1
  • 76327 Pfinztal
  • http://www.escanav.de

New kidnapper malware asks for $300 ransom

MicroWorld is a pioneer in Content Security Antivirus Messaging Gateway and Firewall solutions. MicroWorld products offer Real Time antivirus solutions based on MicroWorld Revolutionary Technology.

(PresseBox) (Mumbai, ) A new ransomware is spreading on the Internet. It encrypts a whole lot of files on your computer and asks you to pay up $300 to give you the decryption code for recovering the data, say Security Experts at MicroWorld Technologies.

The malware comes into computers through Internet downloads and as a part of dubious programs and utilities. Named as ‘GPcode.ai’, the Trojan raises the current user rights to a higher level in order to modify files and to make changes in the Windows registry. GPcode.ai also injects itself into a legitimate Windows process to remain in the memory and avoid detection.

The ransomware then searches for more than 200 file types and encrypts them all! It also tries to send the stolen data to the remote attacker. What the victim of the attack is left with is hordes of garbage files, and a text file that reads as follows:

Hello, your files are encrypted with RSA-4096 algorithm
(http://en.wikipedia.org/...).

You will need at least few years to decrypt these files without our software.

All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at ------------- and provide us your personal code ----------- . After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.

“The claim about RSA-4096 is a bogus one as the encryption is done with a much simpler technology,” points out Vikas Vishwasrao, Assistant Manager – R&D, MicroWorld Technologies. “But the false claim and the link to the RSA page on Wikipedia is clever Social Engineering, to make you part with your money at the earliest. Like most malware gangs today, the one behind this too is looking for some quick dollars”.

Though a few cases of ransomware infections were reported last year, this is the first such significant incident in 2007. MayArchive.a was one such malware which directed users to buy pharmaceuticals worth $75 from a Russian website at virtual gunpoint. Another one named GpCode.af used an actual RSA algorithm for encrypting files.

Security experts are keeping a close watch on this tribe of malware. CEO of MicroWorld, Govind Rammurthy, says: “While one branch of malware programs is moving towards stealthier varieties and camouflaged techniques, this offshoot is rather a brazen variety which shows that cyber criminals can go to any levels in stealing your money. Surely, it also points to the need of backing up your data regularly and protecting your computer with a proactive, real-time Antivirus solution”.

MicroWorld

MicroWorld Technologies (www.mwti.net) is the developer of highly advanced AntiVirus, Content Security and Firewall software solutions eScan, MailScan, and eConceal. MicroWorld Winsock Layer (MWL) is the revolutionary technology that powers most of MicroWorld products enabling them to achieve several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready and Novell Ready.

For more information, please visit www.mwti.net

MicroWorld Technologies GmbH

"MicroWorld Technologies (www.mwti.net) is the developer of highly advanced AntiVirus, Content Security and Firewall software solutions eScan, MailScan, and eConceal. MicroWorld Winsock Layer (MWL) is the revolutionary technology that powers most of MicroWorld products enabling them to achieve several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready and Novell Ready.

For more information, please visit www.mwti.net"