BBC
Extortion virus code gets cracked
Do not panic if your data is hidden by virus writers demanding a ransom.
Poor programming has allowed anti-virus companies to discover the password to retrieve the hijacked data inside a virus that has claimed at least one UK victim.
The Archiveus virus caught out British nurse Helen Barrow and swapped her data with a password-protected file.
The virus is the latest example of so-called "ransomware" that tries to extort cash from victims.
Analysis of Archiveus has revealed that the password to unlock the file containing all the hijacked files is contained within the code of the virus itself.
This virus swaps files found in the "My Documents" folder on Windows with a single file protected by a 30-digit password. Victims are only told the password if they buy drugs from one of three online pharmacies.
The 30-digit password locking the files is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw". Using the password should restore all the hijacked files.
"Now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it," said Graham Cluley, senior technology consultant for security firm Sophos.
Archiveus was discovered on 6 May but it took the rest of the month for the first victim, Rochdale nurse Helen Barrow, to emerge.
Ms Barrow is thought to have fallen victim when she responded to an on-screen message warning her that her computer had contracted another unnamed virus. The virus asks those it infects to buy drugs on one of three websites to get their files back.
"When I realised what had happened, I just felt sick to the core," said Ms Barrow about the incident.
The Archiveus virus is only the latest in a series of malicious programs used by extortionists to extract cash from victims. Archiveus seems to use some parts of another ransoming virus called Cryzip that was circulating in March 2006.
Extortion virus code gets cracked
Do not panic if your data is hidden by virus writers demanding a ransom.
Poor programming has allowed anti-virus companies to discover the password to retrieve the hijacked data inside a virus that has claimed at least one UK victim.
The Archiveus virus caught out British nurse Helen Barrow and swapped her data with a password-protected file.
The virus is the latest example of so-called "ransomware" that tries to extort cash from victims.
Analysis of Archiveus has revealed that the password to unlock the file containing all the hijacked files is contained within the code of the virus itself.
This virus swaps files found in the "My Documents" folder on Windows with a single file protected by a 30-digit password. Victims are only told the password if they buy drugs from one of three online pharmacies.
The 30-digit password locking the files is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw". Using the password should restore all the hijacked files.
"Now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it," said Graham Cluley, senior technology consultant for security firm Sophos.
Archiveus was discovered on 6 May but it took the rest of the month for the first victim, Rochdale nurse Helen Barrow, to emerge.
Ms Barrow is thought to have fallen victim when she responded to an on-screen message warning her that her computer had contracted another unnamed virus. The virus asks those it infects to buy drugs on one of three websites to get their files back.
"When I realised what had happened, I just felt sick to the core," said Ms Barrow about the incident.
The Archiveus virus is only the latest in a series of malicious programs used by extortionists to extract cash from victims. Archiveus seems to use some parts of another ransoming virus called Cryzip that was circulating in March 2006.
