Researchers at security company BitDefender have discovered a new ransom Trojan that scrambles its victims’ data before cheekily offering them a ‘trial’ version of the software to prove its ability to successfully unlock files.
For the most part, Trojan.Crypt.VB.U and its variants behave much like any other ransom scam. Once loaded on a Windows system it scrambles any data files it finds before offering to unlock them for a fee, this time by sending them to a web page demanding a rather steep $69 (£44).
The malware’s real innovation is its attempt to overcome reluctant victims’ willingness to pay the fee by offering to decrypt three files in advance of them buying a full license.
BitDefender reports that the type of encryption used turns out to be a simple type of XOR algorithm, which means that decryption would not require huge brute force to break in this instance.
Ransom Trojans have been around for years, ranging from those using watertight encryption such as Gpcode to others manipulating social engineering to make victims believe their files are unrecoverable when they are actually being hidden in trivial ways.
Other examples have been tied into premium rate SMS scams, while one discovered in Japan in 2010 attempted to extort money from victims after copying their porn browsing history on to a public web server.
In September this year, another version of the same attack tried to persuade users it was acting on behalf of Microsoft and users were required to pay money as punishment for running an unlicensed copy of Windows.
Aware that users have over time become less susceptible to simple ransom demands, the impersonation theme has continued to grow, even to the extent of a recent Trojan that claimed to have detected porn on the user’s PC and demanded that a fine be paid to the UK’s Metropolitan Police.
For the criminal, the most important issue is always to convince the victim that they have little alternative but to pay the fee.