New malware holds hard drives hostage

Booz Allen Hamilton, Hewlett-Packard, Nortel Networks and Unisys, as well as the Transportation Department, have all recently had data on some desktop computers encrypted and held for ransom, charges a British Internet security provider.

On a blog site, Prevx researcher Jacques Erasmus notes that he has seen a new variant of malware that encrypts the contents of the user's hard drive. It then shows a message offering to unencrypt the drive for $300.

According to the company's technical analysis, the malware, called NTOS.exe, scours the hard drive for sensitive information, encrypts the drive and then uploads the content to a secret site. The employees were tricked into downloading the spyware as it was embedded within e-mail or advertisements for job listings, according to the company.

Prevx was able to look at encrypted files uploaded to the secret holding area. The 6,317 files found on the site were tagged with Internet Protocol addresses, presumably the IP addresses from which they came. One file seemingly originated from the Bladensburg, Md., office of the Transportation Department. After unencrypting the file, Erasmus noted it had 500 Kb of sensitive data.

Other compromised computers reside in the Washington and Alexandria, Va., offices of Booz Allen; the Palo Alto, Calif., offices of HP; and the Plano, Texas, offices of Nortel. Newswire service Reuters also reports that Unisys suffered a data breach.

In the blog posting, Erasmus chided makers of other anti-spyware software for not detecting this malware. The company is currently working with the FBI to shut down the servers. It also is offering a service to unencrypt infected computers.

Joab Jackson writes for Government Computer News, an 1105 Government Information Group publication.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
