Scareware meets ransomware: "Buy our fake product and we'll decrypt the files"

Summary:A newly pushed scareware called File Fix Professional 2009 (FileFix Pro 2009), has the potential to influence the way in which spreaders of rogue security software optimize their revenue in the future - by encrypting critical business files and requiring a $50 purchase of the fake software for the decryption.

A newly pushed scareware called File Fix Professional 2009 (FileFix Pro 2009), has the potential to influence the way in which spreaders of rogue security software optimize their revenue in the future - by encrypting critical business files and requiring a $50 purchase of the fake software for the decryption.

This piece of hybrid ransomware greatly reminds of June, 2008's GPCode targeted campaigns, where the malware author's tactic was undermined by their inability to securely wipe out the deleted files, allowing their recovery without having to pay the authors.

Thankfully, FileFix Pro 2009's encryption is anything but unbreakable, with several vendors already releasing free decryption tools. FileFix Pro 2009 attempts to encrypt files with the following extensions upon executing it:

- doc, xls, ppt, pdf, jpg, jpeg, png, mp3, wma, mdb, pst, docx, docm, dotx, dotm, xlsx, xlsm, xltx, xltm, xlsb, xlam, pptx, pptm, potx, potm, ppam, ppsx, ppsm

A logical question remains - why did they introduce the ransomware motive within a business model that's proven to be highly successful, earning cybercriminals thousands of dollars daily? The economy slowdown affecting their revenues, or plain simple profit optimization strategy? I'd go for the second, and in particular a rather logical move given all the media attention rogue security software started receiving.

From an emphasis on visual social engineering, and traffic acquisition tactics, the affiliate networks set the standards on the basis of which the participants in the network operate. If this tactic goes mainstream, the affiliate network that first implements this on a large scale will be capable of stealing market share from competing networks due to the improved payout rates thanks to the ransomware motive. So far, that doesn't seem to be the case.

FireEye Labs, Symantec, and third party researchers have already released free decrypting tools for FileFix Pro 2009, affected parties can take advantage of.

Topics: Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.