New malware holds hard drives hostage

Booz Allen Hamilton, Hewlett-Packard, Nortel Networks and Unisys, as well as the Transportation Department, have all recently had data on some desktop computers encrypted and held for ransom, charges a British Internet security provider.

On a blog site, Prevx researcher Jacques Erasmus notes that he has seen a new variant of malware that encrypts the contents of the user's hard drive. It then shows a message offering to unencrypt the drive for $300.

According to the company's technical analysis, the malware, called NTOS.exe, scours the hard drive for sensitive information, encrypts the drive and then uploads the content to a secret site. The employees were tricked into downloading the spyware as it was embedded within e-mail or advertisements for job listings, according to the company.

Prevx was able to look at encrypted files uploaded to the secret holding area. The 6,317 files found on the site were tagged with Internet Protocol addresses, presumably the IP addresses from which they came. One file seemingly originated from the Bladensburg, Md., office of the Transportation Department. After unencrypting the file, Erasmus noted it had 500 Kb of sensitive data.

Other compromised computers reside in the Washington and Alexandria, Va., offices of Booz Allen; the Palo Alto, Calif., offices of HP; and the Plano, Texas, offices of Nortel. Newswire service Reuters also reports that Unisys suffered a data breach.

In the blog posting, Erasmus chided makers of other anti-spyware software for not detecting this malware. The company is currently working with the FBI to shut down the servers. It also is offering a service to unencrypt infected computers.

Joab Jackson writes for Government Computer News, an 1105 Government Information Group publication.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
