New ransomware holds Windows files hostage, demands $50

The swindler convinces the mark to withdraw money from the bank

Cybercrooks have hit on a new twist to their aggressive marketing of fake security software, and are duping users into downloading a file utility that holds users' data for ransom, security researchers warned Wednesday.

While so-called "scareware" has plagued computer users for months, those campaigns have relied on phony antivirus products that pretend to trap malware, but actually only exist to pester people into ponying up as much as US$50 to stop the bogus warnings.

The new scam takes a different tack: It uses a Trojan horse that's seeded by tricking users into running a file that poses as something legitimate like a software update.

Once on the victim's PC, the Trojan swings into action, encrypting a wide variety of document types - ranging from Microsoft Word .doc files to Adobe Reader .pdf documents - anytime one's opened. It also scrambles the files in Windows' "My Documents" folder.

When a user tries to open one of the encrypted files, an alert pops up saying that a utility called FileFix Pro 2009 will unscramble the data. The message poses as an semi-official notice from the operating system: "Windows detected that some of your MS Office and media files are corrupted. Click here to download and install recommended file repair application," the message reads.

Clicking on the alert downloads and installs FileFix Pro, but the utility is anything but legit. It will decrypt only one of the corrupted files for free, then demands the user purchase the software. Price? $50.

"This does look like a new tactic," said David Perry, the global director of education for antivirus vendor Trend Micro Inc. "But all online fraud is just minor variations of classic con games. This is just the 'Bank Examiner' played out on the Internet."

That classic con, said Perry, typically involves a swindler posing as an official, a bank examiner or FBI agent, who asks for help in an investigation.

The swindler convinces the mark to withdraw money from the bank - it's needed to catch the non-existent crook in the act - and promises to return the funds at the end of the case. Of course, the money vanishes, along with the grifter.

On the Web, data hostage scams like this are called "ransomware," for obvious reasons. This isn't the first time the tactic's been used, but it is remarkably polished, said Perry. "We've not seen 'ransomware' with this level of sophistication," he said.

Users who have fallen for the FileFix Pro 2009 con do not have to fork over cash to restore their files, according to other researchers, who have figured out how to decrypt the data.

The Bleeping Computer site, for instance, has a free program called "Anti FileFix" available for download that unscrambles files corrupted by the Trojan. And security company FireEye Inc. has created a free online decrypter that also returns files to their original condition.

Alex Lanstein, a malware researcher at FireEye who blogged about FileFix Pro 2009 last week, called the turn from scareware to ransomware "sobering."

"Although we broke the encryption, it's a sobering realization of the state of malware that it is now actively extorting users by holding their data ransom," Lanstein said. "Despite this version of FileFix being trivial to crack, it does not bode well for the future of Internet malware."

If ransomware follows a similar path as scareware, criminals will be hustling to mimic FileFix Pro: According to some estimates, crooks make as much as $5 million a year pushing fake antivirus software.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareransomware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Bitdefender 2019

This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?