Antivirus Expert: 'Ransomware' is Back

Online criminals are turning away from threatening companies with massive cyberattacks in favor of encrypting a victim's data and then demanding money to decrypt it, an antivirus expert has claimed.

Eugene Kaspersky, head of antivirus research at Russia's Kaspersky Labs, told the RSA Conference here Tuesday that the use of so-called "ransomware Trojans" is a key trend for 2007.

This malicious software infects a PC, encrypts some data and then displays an alert telling the victim to send money to get the decryption key needed to access their data again. Such malicious software isn't new. Early examples include Cryzip, discovered in March 2006, and GPCode, discovered in May 2005.

Cryzip and GPCode didn't cause massive damage, but Kaspersky believes cybercriminals will refine their use of ransomware Trojans this year. The final version of GPCode used a 660-bit encryption key, which should have taken a single powerful PC around 30 years to crack but was actually broken quickly by Kaspersky Labs, he said.

"We cracked it in 10 minutes," Kaspersky explained, "because this guy did not read the cryptographic book until the end. But if he does get to the end, antivirus vendors will not be able to decrypt and recover your data without help."