New Trojan encrypts files but leaves no ransom note

Elinor Mills CNET News | November 2, 2009 11:41 AM PST

Summary

Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee. Instead, the affected user can find a company in a Web search that offers a way to remove the malware.

Trojan.Ramvicrype uses the RC4 algorithm to encrypt files on systems running Windows 98, 95, XP, Windows Me, Vista, NT, Windows Server 2003 and Windows 2000, according to Symantec's Web site.

Computers with files that have the .vicrypt extension are infected, a Symantec researcher wrote in a blog post this weekend.

A Web search for "vicrypt help" brings up a news release for a company called Exquisys Software Technology Ltd in Mauritius offering a product called Antivicrypt that will "repair and restore" files that are "damaged." Symantec reports that the company charges for the product.

For more, read New Trojan encrypts files but leaves no ransom note from CNET News.

Talkback Most Recent of 18 Talkback(s)

  • ZDNet Gravatar
    Economister
    2nd Nov 2009
  • A level of Protection... For them
    Naah, it's a way to have plausible deniability. If you're asking for ransom, you're admitting you built the virus.

    This way, they can say "Gosh, Mr. Police/FBI/Interpol guy, I don't know how it got started. It's a lucky coincidence that we happen to know how to fix it....."
    vermonter
    2nd Nov 2009
  • Yes, but WHY write the code?
    Just to piss people off? They REALLY need a life.

    Would you dress up in a robber's suit/mask and carry a gun just for fun? Don't think so. In that case you would at least get to see the looks on the people's faces. These idiots sit around and get off on annoying people totally anonymously for no gain? Good grief!
    Economister
    2nd Nov 2009
  • RE: Yes, but WHY write the code?
    The company selling the decryption software is likely the source of the virus. They probably think it's much harder to get caught hacking computers if they don't leave a ransom note.
    spiegalpwns
    2nd Nov 2009
  • Extortion
    It's just a clever method of extortion.

    The 'crime' can't be traced back to the software vendors, but they are the only ones who can rescue the files, for a price.

    Mark
    markflax
    3rd Nov 2009
  • ...why ... ? ? ?
    why not - people dress up like that at halloween ? ? ?

    ... there is an ancient saying about "idle hands are the devil's toys" ...

    digitrog
    4th Nov 2009
  • Go after the crooks!
    Vermonter has it dead right! The perps may be in Mauritius but their crimes are being committed in this country. The feds should go after them.

    - CompuSolver
    compusolver
    3rd Nov 2009
  • ZDNet Gravatar
    GuidingLight
    2nd Nov 2009
  • They do it for the fun, I guess.
    It's so easy they couldn't resist it.

    Can you blame them?
    The Mentalist
    2nd Nov 2009
  • Here's a contentious and un-provable theory
    Black hat Microsoft coders making sure that anyone not on Windows 7 gets sick to the back teeth of their PC being infected by an endless series of Windows specific malware that compromises everything except Win 7.

    Mac and Linux users, carry on without the need for a malware forced upgrade to the latest and greatest virtual petri dish wink

    whisperycat
    3rd Nov 2009
  • RE: New Trojan encrypts files but leaves no ransom note
    If they can't make it malware, spyware and virus free then the companies need to pay the consumer for using their software.
    truckrdude1954
    3rd Nov 2009
  • RE: New Trojan encrypts files but leaves no ransom note
    TruckRDude1954, let me know how that works out for you.

    Does your home builder pay your mortgage after someone breaks into your house? Does the automaker pay your note if someone steals the radio out of your car?

    I was just wondering...
    twells68
    4th Nov 2009
  • Symantec missed the mark about Exquisys
    Do a Google search for vicrypt and you'll find that it's a free
    download to unlock the files. The download is clean and it
    never asks for payment.

    This means one of three things - either Exquisys is using
    vicrypt to get traffic to its site for the password manager
    software, they figured out the vicrypt thing faster than
    Symantec did (wouldn't surprise me as Norton sucks), or the
    they made vicrypt just to have fun at other people's expense.
    nix_hed
    4th Nov 2009
  • RE: New Trojan encrypts files but leaves no ransom note
    It looks free now,
    maybe they're afraid...
    c00lways@...
    4th Nov 2009
  • RE: New Trojan encrypts files but leaves no ransom note
    I assume some antivirus software vendor will soon make the decrypt software available for free, that should stop the extortion. Doubt if the extortionists will go to court over copyright as they are probably some faceless geeks from '*****', I won't point any fingers.
    thompsonsa@...
    4th Nov 2009
