Cyber criminals turn to extortion with Zippo-A trojan


Security experts have identified a tojan that encrypts victims' computer files, and then attempts to extort a ransom of $300 to restore the hijacked data.

The Zippo-A trojan horse (also known as CryZip) searches for files on innocent users' computers such as Microsoft Word documents, databases and spreadsheets, and moves them into password-encrypted ZIP files. It then creates another file informing the affected user on how they need to pay $300 to an "eGold account" to recover their data.

Security experts noted that the trojan highlights the need for firms to make regular and frequent data backups.

"The ZippotTrojan horse is bold as brass - scooping up your valuable data and locking it away until you agree to pay the ransom to the criminals who have 'kidnapped' your files. Companies who have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash," said Graham Cluley, senior technology consultant for Sophos. "In the old days, malware was typically written by teenagers who wanted to show off to their mates. Now most of the viruses and trojan horses we see are being written with the intention of making money from innocent internet users. The attacks are becoming more organised and more malicious, which is why every computer needs to be properly defended."

Researchers from Sophos who have analyzed and disassembled the trojan horse have determined that the password used to encrypt users' data is - 'C:Program FilesMicrosoft Visual StudioVC98'.

"There should be no need for anyone unfortunate enough to have suffered from this ransomware attack to have to pay the reward to the criminals behind it," added Cluley.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.