AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

File Data Encryption Software Being Used To Hold People To Ransom

A new type of scareware is making the rounds.  In fact, it does more than scare; it essentially demands a ransom: either pay up $50, or kiss your data good-bye.  At the heart of this scam, if you can call it that, is encryption, the same thing that powers AlertBoot's disk encryption software tools that protect your digital files.  In this case, it protects them from you, the rightful owner.

How the scam works

A Trojan tricks users into running a program.  Since this is a Trojan, it's going to look like reputable software.  But, once activated, it starts by encrypting files: Microsoft Word documents, PDF files, etc.  Apparently, it also encrypts the "My Documents" folder.

When a user tries to open the encrypted files, a message says that "FileFix Pro 2009" will unscramble the data.  The program will decrypt one file, and then demand $50.  I guess someone took inspiration from the drug-dealer model: the first one is free to try, to see that it works.  After that, it's gonna cost ya.

According to networkworld.com, there are fixes for FileFix Pro 2009 at Bleeping Computer and FireEye.  FireEye also has a write-up of the new scareware program.

Thankfully, it looks like the encryption used was either weak or flawed, and figuring out how to decrypt the files was relatively easy.  If the criminal minds behind this ransomware had used something more powerful (or publicly vetted), like the offerings from AlertBoot, chances are there would be no fix but to pay up.
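For anyone checking a machine after an infection like this, one quick triage step is to see whether Word and PDF files still begin with their format's signature. The sketch below is an added example, not code from this post or from the fixes it mentions; it assumes affected files keep their extensions and that the scrambling overwrote the file header, and its sample files are constructed. Entropy is reported only as a secondary hint, since a weak scheme such as the single-byte XOR stand-in used here leaves it unchanged.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for the document types the post names.
MAGIC = {
    ".pdf": b"%PDF-",
    ".doc": bytes.fromhex("d0cf11e0a1b11ae1"),  # OLE2 container (Word 97-2003)
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, sample: int = 4096):
    """Return (path, entropy) for files whose header contradicts their extension."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in sorted(names):
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # not a type this sketch knows how to check
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if not head.startswith(magic):
                hits.append((path, round(entropy(head), 2)))
    return hits

def demo():
    """Build a constructed sample tree, triage it, return (name, entropy) hits."""
    good = b"%PDF-1.4\n" + b"constructed sample body\n" * 20
    # Constructed stand-in for a scrambled file: single-byte XOR, not the Trojan's scheme.
    samples = {"report.pdf": good, "budget.pdf": bytes(b ^ 0x5A for b in good),
               "notes.doc": MAGIC[".doc"] + b"\x00" * 64, "readme.txt": b"skipped"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(p), e) for p, e in triage(root)]

if __name__ == "__main__":
    print(demo())
```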

Ransomware: Not New, Not Scareware

Encrypting files and holding them hostage is not new.  It's happened before.  The twist on this case is that it goes out of its way to appear as something other than asking for ransom: FileFix Pro 2009 is labeled as a "winning software which help [sic] you recover corrupted files."

Also, I have a problem with calling the above scareware, a term that's being bandied about in connection with this story.  Scareware works by scaring people into paying up, so if you're not scared, you can ignore the situation...and not pay.  And if you don't pay, there is no fraud, so problem solved.

The FileFix Trojan, though, is more than scare tactics.  You can't just ignore it.

File Encryption Also Available For Forces Of Good

The ability to encrypt all files associated with a particular file extension (*.mp3, *.jpg, *.doc, etc.) is a legitimate tool.  There are different types of encryption methods out there.  A very useful one is whole disk encryption, where all the contents of your hard drive are protected.

However, some prefer document encryption software, where only select files are protected: spreadsheets only, for example ("What's the use of encrypting Solitaire and Internet Explorer?" is one rhetorical question I've heard).

Encrypting spreadsheets one by one, however, is just asking for someone to stop encrypting files at some point, whether due to annoyance, the mistaken belief that "nothing will happen," or just plain forgetfulness.

To counter this, there is an option to automatically encrypt all documents of a specific format.  It looks like this helpful feature has been misappropriated in the above case.  I'd like to take it as an indication that encryption works (or rather, it works when implemented correctly; no way encryption should be so easily broken).

Related Articles:
http://www.pcworld.com/article/162009/new_trojan.html?tk=rss_news

 
Comments

File Data Encryption Software Being Used To Hold People To Ransom - AlertBoot Endpoint Security said:

Pingback from  File Data Encryption Software Being Used To Hold People To Ransom - AlertBoot Endpoint Security

March 26, 2009 9:19 PM
 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.