Another Trojan horse that tries to extort money from victims whose files have been locked up was discovered Thursday by a U.K. security company, making it the third piece of “ransomware” to appear this year.
Sophos warned users of “Arhiveus.a,” aka “MayAlert,” a Trojan that encrypts all the files in Windows’ “My Documents” folder after it infects a PC.
When users try to access a file in My Documents, a message pops up that spells out the damage, and warns against going to the authorities.
“Reporting to police about a case will not help you, they do not know the password. Reporting somewhere about our email account will not help you to restore files. Moreover, you and other people will lose contact with us, and consequently, all the encrypted information,” it reads.
Arhiveus/MayAlert requires users to make purchases from one of three online pharmacies before the criminals hand over the 30-character password that unlocks the encrypted files.
“Internet hackers are getting bolder in their attempts to steal money from innocent users,” said Graham Cluley, a senior technology consultant for Sophos, in a statement. “You may be tempted to pay up to rescue your files, but this will only encourage more blackmail attempts. Companies who have made regular backups may be able to recover easily, but less diligent home users may feel forced to cough up the cash.”
Earlier cyber ransoms came from an April 2006 Trojan that demanded $10.99 to stop deleting files, and from the better-known “Zippo.a,” which in March tried to extort $300 from each infected user.
As in the Zippo.a incident, Sophos researchers have cracked the Arhiveus/MayAlert code and extracted the password:
“The password is deliberately long and complicated, [but] there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals,” added Cluley.