RansomWare Disassembly Reveals Evolutionary Path

flaws writes "The guys at Secure Science Corporation have written a revealing article demonstrating the relationship with the most recent Ransom-based Trojan (known as Glamour) and some previous data stealing trojans. They include an open source decrypting utility for unlocking your files if infected, and some stats that are a bit disturbing. According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan."

Why bother?

[bill_mcgonigle]

This is a bit bewildering...implementing real 4096-bit RSA is simple and would have made it extremely difficult, if not impossible, to produce a working decryptor without paying $300." Silly script kiddies.

If you just XOR the data and tell people it's RSA-4096 99.44% of them are going to just accept that it's true (after googling to find out what RSA means) and send you the $300. How many are going to find out about this open source decryptor? I betcha 80% of IT consultants won't even know about it, and half of them will advise to pay up. The other half might refer to law enforcement, but how many of them are even going to have heard of the trojan. Etc., etc., etc.

Easier to just XOR the data and get back to surfing porn. Until somebody traces the bank transfers back to your pad and a tear gas can drops in your window...