Ransomware Making a Comeback · Slashdot Mirror

Posted by timothy on Thursday December 2, 2010 @07:05PM from the please-send-money dept.

snydeq writes "Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return, InfoWorld reports. 'Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode — labeled GpCode.AX by security firm Kaspersky — comes with a bit more nastiness than previous attempts. The program overwrites files with the encrypted data, causing total loss of the original data, and uses stronger crypto algorithms — RSA-1024 and AES-256 — to scramble the information.'"

1 of 202 comments (clear)

Min score:

Reason:

Sort:

No data is actually encrypted..... by Skellbasher · 2010-12-02 19:47 · Score: 5, Informative

Fortinet did an analysis of this. http://blog.fortinet.com/all-your-drives-are-belong-to-us/ It simply backs up the partiton table and rewrites the MBR. It's fixable without paying the ransom.