Ransomware trojan demands $300 for returning user data - Financial Mirror


PandaLabs has uncovered a new ransomware strain: Sinowal.FY. This malicious code encrypts users’ files so that they cannot access them, and demands a ransom in exchange for a tool to decrypt the files as well as the decryption key.

When Sinowal.FY installs on the system, it encrypts every single document on the hard disk and creates a file called “read_me.txt” with the kidnapper’s demands. More precisely, the file includes a text demanding a $300 ransom for freeing the files.

“This trojan belongs to the Sinowal family, traditionally used to steal passwords and banking details. This variant, however, not only does that, but blackmails users by encrypting their data so that they cannot access it. This is just an example of how malware creators are trying to get as much benefit as possible from a single malware creation”, explains Luis Corrons, Technical Director of PandaLabs.

Also, in order to speed up payment, the text sets a deadline for paying the ransom, claiming that otherwise, all data will be lost. However, this is not true, as the encrypted content remains on the computer.

This type of kidnapping is not new. The PGPCoder family of trojans has a long record on the ransomware scene, making its encryption techniques more and more difficult to break. Another piece of malware, Ransom.A, threatened to delete a file every 30 minutes but set a considerably lower ransom: $10.99. Arhiveus.A was perhaps one of the oddest cases, as it did not ask users for money, but to buy products from a certain online drugstore.

The most important thing to contain this type of infection is to have a good preventive solution that stops this and other malicious code from entering your computer. All users who want to know whether their computers have been attacked by this or other malicious code can use TotalScan or NanoScan beta, the free, online solutions available at: http://www.infectedornot.com.