Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 29th, 2009

New LoroBot Ransomware Encrypts Files, Demands $100 For Decryption

Researchers from CA have intercepted a new ransomware variant encrypting popular file extensions (.zip; .rar; .pdf; .rtf; .txt; .jpg; .jpeg; .waw; .mp3; .db; .xls; .docx; .xlsx; .doc) and demanding a $100 for the decryption software.

According to the message which replaces the desktop’s background upon execution, the files are encrypted with 256-bit AES encryption, and that “there’s a 0% chance that you will be able to manually decrypt the files without the encryption key“. However, this particular cybercriminal appears to be bluffing since the ransomware encrypts the data using the XOR cipher.

Naturally, by doing so he allowed CA’s researchers to release a free decryptor for Win32/Gpcode.J. Despite that compared to previous campaigns, this one looks rather primitive, ransomware is clearly a trend, one that has already started converging with popular delivery channels such as scareware, and utilizing efficient payment processes such as the ubiquitous SMS micro-payment.

Throughout the entire 2009, cybercriminals have indicated their long-term interest in the development of alternative extortion tactics in order to efficiently earn as much micro-payment revenue as possible. The most recent case of such an alternative extortion tactic, was the introduction of SMS ransomware variant that was displaying persistent inline ads within the browsers of infected victims, often showing disturbing adult content, while requiring a premium-rate SMS for removal.

With the ever-decreasing price for do-it-yourself SMS ransomware building tools within the underground marketplace (average price is between $15 and $30), new market entrants will inevitably prompt the vendors of these releases to “innovate” and introduce new features in an attempt to compete with one another.

Interestingly, despite GPCode’s and LoroBot’s practice of encrypting popular file extensions, the majority of SMS-based ransomware releases currently offered for sale, emphasize on the practice of locking down an infected party’s computer using “Unlicensed copy of Windows” themes, instead of encrypting files.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • Updated Blackmailer Virus Gpcode Encrypts User Data And Demands Payment For Decryption
  • Scareware Makes Files And Folders Invisible, Demands Ransom For Repair Utility
  • Ransomware Blocks Internet Access, Forces Users To Send Premium Rate SMS
  • New Scareware Blocks Access To Popular Websites, Demands Fake “Internet Security 2010″ To Be Installed
  • New Tool For Graphics Cards Threaten Wireless Networks Encryption

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: New LoroBot Ransomware Encrypts Files, Demands $100 For Decryption

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.