New malware holds hard drives hostage
- By Joab Jackson
- Jul 19, 2007
Booz Allen Hamilton, Hewlett-Packard, Nortel Networks and Unisys, as well as the Transportation Department, have all recently had data on some desktop computers encrypted and held for ransom, charges a British Internet security provider.
On a blog site, Prevx researcher Jacques Erasmus notes that he has seen a new variant of malware that encrypts the contents of the user's hard drive. It then shows a message offering to unencrypt the drive for $300.
According to the company's technical analysis, the malware, called NTOS.exe, scours the hard drive for sensitive information, encrypts the drive and then uploads the content to a secret site. The employees were tricked into downloading the spyware as it was embedded within e-mail or advertisements for job listings, according to the company.
Prevx was able to look at encrypted files uploaded to the secret holding area. The 6,317 files found on the site were tagged with Internet Protocol addresses, presumably the IP addresses from which they came. One file seemingly originated from the Bladensburg, Md., office of the Transportation Department. After unencrypting the file, Erasmus noted it had 500 Kb of sensitive data.
Other compromised computers reside in the Washington and Alexandria, Va., offices of Booz Allen; the Palo Alto, Calif., offices of HP and the Plano, Texas, offices of Nortel. Newswire service Reuters also reports that Unisys suffered a data breach.
In the blog posting, Erasmus chided makers of other anti-spyware software for not detecting this malware. The company is currently working with the FBI to shut down the servers. It also is offering a service to unencrypt infected computers.
Joab Jackson writes for Government Computer News, an 1105 Government Information Group publication.
Joab Jackson is the senior technology editor for Government Computer News.