Ransomware rears ugly head, demands $120 to unlock files

Online extortionists return in a pair of campaigns, say security pros


U.S.-based CA reported Tuesday on a different kind of ransomware that tried to infect the master boot record, or MBR, of the hard drives of Windows machines, crippling them and making them unbootable.

Instead, an extortion note appears on the screen. "Your PC is blocked," the message reads. "Any attempt to restore the drive using other way will lead to inevitable data loss!!!"

The extortionists demand $100 for an unlocking key.

Because the MBR has been replaced, claims that the drive has been encrypted are just part of the hoax, CA said. "Rescue disks and boot disks can be used to restore the MBR of the infected system," the company said on its blog.

Kaspersky had a simpler solution. "Use the password 'aaaaaaciip' (without quotes) to restore the original MBR," advised Kaspersky researcher Denis Maslennikov in another entry on the research lab's blog.

"There's a resurgence of using this tactic," said Wisniewski of Sophos. "We've not seen any successful ransomware for quite some time, but the appearance of two in such a short time is probably not a coincidence."

Users running the newest version of Adobe's Reader, which that company released two weeks ago, are safe from the PDF-borne malware, said Wisniewski. Reader X includes a "sandbox" designed to protect users from PDF attacks; Wisniewski confirmed that the sandbox stops the rogue PDF from infecting a Windows PC.

"And this is a great reason to do regular backups," Wisniewski added.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.

Copyright © 2010 IDG Communications, Inc.
