The kidnapping Trojan extorted money to re-export Gypsy
After a period of lulling, the hacker is returning to the dangerous tricks: " kidnapping " important data inside the computer for ransom from the user.
The Gpcode-AI Trojan program silently encrypts data inside the infected computer's hard drive before officially requiring users to pay to have the decryption key. This destructive software even integrates the keyboard tracking feature, designed to steal victims' bank accounts and credit cards.
More cunning
" Gpcode-AI belongs to the Synowal family, which is used by hackers to steal passwords and bank information. However, this variation not only successfully completed that job, but it also extorted users from it. " , said Luis Corrons, Technical Director of security firm PandaLabs.
Once installed on the system, Gpcode-AI will encrypt all documents stored on the computer's hard drive and create a file called " read_me.txt " (Read it).
Source: SecurityLabs The content of this file notifies the victim that their computer has been encrypted using RSA-4096 algorithm. " If you want to decode yourself, it will take you at least a few years. All your private information in the last 3 months will be gathered and sent back to me ."
Of course, it is indispensable for hackers to request and bid. " To decode the data, you need to buy our software. Its price is 300 USD ".
Below is the email address for the victim to contact. In any case, the perpetrator always holds the hook because they provide the condition that "successful transactions will send the decryption tool" to the victim, and that private information will be deleted from the hacker database.
Finally there was a grim line: " If you do not contact before July 15, 2007, all your sensitive information will be spread widely and you will lose all data ."
However, according to PandaLabs experts, these threats are only fake. In fact, Gpcode-AI lacks a mechanism to erase all encrypted files and the culprit only uses psychological blows to force the victim to give them fast money.
Psychological post
However, the eloquent statements about their encryption algorithms were not exaggerated.
" The algorithms they use are complex. The victim is hard to decipher without his or her software or the help of security experts. However, this Trojan uses a modified version of RC4, not RSA-4096, as they say, " said another Kaspersky Labs expert.
According to experts, victims should not pay the perpetrator because it only encourages them to commit more crimes. Security firms are actively researching technologies that have just blocked the kidnapping software and recovered the locked data.
For example, Kaspersky Labs has developed a decoding algorithm and will soon add it to its antivirus database.
In fact, extortion software is not a new idea. Ransom-A once threatened to delete a file every 30 minutes if the victim refused to pay the hacker.
Another kind of malware, Arhiveus-A, forces victims to buy drugs from a website that sells drugs online instead of asking for money directly.
Trong Cam
- The principle that every adult must know to prevent kidnapping children
- Hard to believe but true: Ants specialize in 'kidnapping children' to survive
- IT leaders ... re-export Gypsy
- The 'survival' rule must teach your baby to avoid kidnapping
- Detecting trojans kidnapping and turning email into spam
- Tips to distinguish Vietnamese shoes for export
- 9 rules everyone needs to know about money
- The most mysterious kidnappings of UFOs ever recorded
- Armrests against kidnapping
- Appears a trojan ...
- The fake Trojan add-on Trojan is extremely dangerous
- The new Trojan bypasses the virtual keyboard face