Slashdot Mirror


Sneaky Blackmailing Virus That Encrypts Data

BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"

5 of 409 comments

  1. They think they're pretty clever. by Anonymous Coward · · Score: 5, Insightful
    The fundamental problems with harebrained schemes like these are that the money has to change hands somehow, and there's a fundamental trust issue. First, if money gets transferred to you then you are susceptible to being caught.

    The trust issue is that there is fundamentally no reason for the person receiving the money to follow through and send you the private keys to decrypt the data. If it was a known person, they'd be arrested, and since they're unknown there is no "reputational" factor that would make people more likely to pay based on the experience of others.

    Just another moron criminal scheme from some douchebag who thinks he's found a get-rich scheme. Just like other "genius" criminals, the fact is that the professionals in the field are smarter than the criminals.

  2. Re:But were they smart, or stupid? by Anonymous Coward · · Score: 5, Insightful

    Does it matter? I have backups.

    And how often do you roll through your backups? Will you notice the encrypted files in time, or will you end up backing up the worthless files instead?

    I have plenty of important files which I don't look at very often. It might take months before I realize they are corrupted -- and by that time, I've overwritten the last valid backup with the encrypted stuff.
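
As an added example (not part of the original thread or any commenter's code): a check to run before rotating backups, using the two indicators named in the story summary, the ._CRYPT extension and the !_READ_ME_!.txt note, so the last good backup is not overwritten. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the story summary (Gpcode.ak).
ENCRYPTED_SUFFIX = "._CRYPT"
RANSOM_NOTE = "!_READ_ME_!.txt"

def scan_for_indicators(root):
    """Walk root and return (renamed_files, ransom_notes) as sorted path lists."""
    renamed, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Compare case-insensitively: Windows file names ignore case.
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX.lower()):
                renamed.append(path)
    return sorted(renamed), sorted(notes)

def safe_to_rotate(root):
    """Return (ok, report). ok is False when any indicator is present, so the
    caller keeps the previous backup generation instead of overwriting it."""
    renamed, notes = scan_for_indicators(root)
    dirs = sorted({os.path.dirname(p) for p in renamed + notes})
    report = {"renamed": renamed, "notes": notes, "dirs": dirs}
    return (not renamed and not notes), report

def build_sample_tree(root):
    """Constructed sample data: one clean folder, one showing the indicators."""
    layout = {"photos": ["a.jpg"],
              "docs": ["report.doc._CRYPT", "tax.xls._crypt", RANSOM_NOTE]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        ok, report = safe_to_rotate(tmp)
        print("rotate backups:", ok)
        for d in report["dirs"]:
            print("affected folder:", d)
```

A backup job would call `safe_to_rotate` on the source tree and skip rotation when it returns `False`. The check only catches this variant's stated naming, so keeping several backup generations is still needed.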

  3. Yeah, sure, *that'll* work.. by Duncan Blackthorne · · Score: 5, Insightful
    *ransom note received composed of random letters clipped from newspaper*

    "We have encrypted your illegally copied music files. Put $5000 in unmarked bills in a plain brown paper sack and mail it to: RIAA Washington, D.C. no later than midnight tonight or you'll never listen to your music again"

    ..but seriously, folks, this starts to sound like some sort of weird 419 scam. They're not going to decrypt your files even if you pay them, and I'll bet you a whole DOLLAR that if you're stupid enough to contact them, they accept only CREDIT CARDS as payment. Chances are that the data isn't even really encrypted, it's just plain overwritten and GONE, copied over with gobbledegook random data, and you'll just get your identity stolen on top of never getting your files back. On the other hand they think they're being really clever, I'm sure, and the ones that think they're clever are usually the ones that get caught quickly and go to jail for a long, long time.

  4. Re:But were they smart, or stupid? by severoon · · Score: 5, Insightful

    I would happily contact the criminal and send them $1 after working with my bank and law enforcement to set up an account trace to see where the money goes and who ends up with it.

    --
    but have you considered the following argument: shut up.
  5. Re:But were they smart, or stupid? by Threni · · Score: 5, Insightful

    > I would happily contact the criminal and send them $1 after working with my bank and law enforcement to set up an account trace to see
    > where the money goes and who ends up with it.

    Yeah, because they'd never have thought of that.