Symantec researcher Kazumasa Itabashi wrote in a blog post on Thursday that he had recently come across a ransomware program whose core component is a simple batch file, a command-line script.
Because of this design, the developers can easily control and update the malware whenever the attacker wants. The batch file downloads a 1024-bit RSA public key from a server and imports it into GnuPG, a free encryption program that also runs from the command line.
GnuPG is open-source cryptographic software that helps people ensure the confidentiality, integrity and authenticity of their data. GnuPG, an open-source implementation of the OpenPGP encryption standard, is used to encrypt the victim's files with the downloaded key. In public-key cryptography, on which OpenPGP is based, users generate a pair of associated keys, one that is made public and one that is kept private. Content encrypted with a public key can only be decrypted with its corresponding private key.
Itabashi says that Symantec calls this new ransomware Trojan.Ransomcrypt.L. It encrypts files with the following extensions: .xls, .xlsx, .doc, .docx, .pdf, .jpg, .cd, .jpeg, .1cd, .rar, .mdb and .zip.
“If the user wants to decrypt the affected files, they need the private key, which the malware author owns,” he added. Trojan.Ransomcrypt.L asks affected users to pay a ransom of $200 to recover from the infection. What makes Trojan.Ransomcrypt.L different from other ransomware is not its use of public-key cryptography for encryption but that it uses a legitimate, open-source encryption program instead of its own implementation.
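Because the malware drives a legitimate, signed-by-nobody-in-particular tool from a batch script, the behavioural chain is what a defender can detect: a cmd.exe running a .bat spawns gpg.exe to import a key and then to encrypt many files with the targeted extensions. The following Python script is an added example, not code from the Symantec post or from the malware; the process-creation log format and every command line in SAMPLE_LOG are constructed for illustration (the article does not give the malware's actual gpg arguments), and the key ID is a labelled placeholder. It uses only the extension list the article provides.

```python
"""Heuristic detection of batch-driven GnuPG file encryption over process-creation logs.

Added example, not code from the Symantec post. The log format and the gpg
command lines below are constructed; the real Trojan.Ransomcrypt.L command
lines are not given in the article.
"""
import ntpath
import re
from collections import defaultdict

# File extensions the article says Trojan.Ransomcrypt.L targets.
TARGET_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".jpg", ".cd",
               ".jpeg", ".1cd", ".rar", ".mdb", ".zip"}

# Assumed (constructed) log line format:
#   <ts> pid=<n> ppid=<n> image=<path> cmdline="<args>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) '
    r'image=(?P<image>\S+) cmdline="(?P<cmd>.*)"$'
)

# Constructed sample events: one script-driven encryption chain under cmd.exe
# pid 400, plus a benign interactive gpg run under pid 500. KEYID_PLACEHOLDER
# stands in for a recipient key ID the article does not provide.
SAMPLE_LOG = r"""
2014-02-20T10:00:01 pid=400 ppid=200 image=C:\Windows\System32\cmd.exe cmdline="cmd.exe /c C:\Users\victim\AppData\update.bat"
2014-02-20T10:00:02 pid=401 ppid=400 image=C:\Users\victim\AppData\gpg.exe cmdline="gpg.exe --import C:\Users\victim\AppData\pub.key"
2014-02-20T10:00:03 pid=402 ppid=400 image=C:\Users\victim\AppData\gpg.exe cmdline="gpg.exe --batch --yes --trust-model always -r KEYID_PLACEHOLDER -e C:\Users\victim\Documents\report.docx"
2014-02-20T10:00:03 pid=403 ppid=400 image=C:\Users\victim\AppData\gpg.exe cmdline="gpg.exe --batch --yes --trust-model always -r KEYID_PLACEHOLDER -e C:\Users\victim\Documents\budget.xlsx"
2014-02-20T10:00:04 pid=404 ppid=400 image=C:\Users\victim\AppData\gpg.exe cmdline="gpg.exe --batch --yes --trust-model always -r KEYID_PLACEHOLDER -e C:\Users\victim\Pictures\photo.jpg"
2014-02-20T10:00:04 pid=405 ppid=400 image=C:\Users\victim\AppData\gpg.exe cmdline="gpg.exe --batch --yes --trust-model always -r KEYID_PLACEHOLDER -e C:\Users\victim\Desktop\notes.txt"
2014-02-20T11:15:00 pid=500 ppid=300 image=C:\Windows\System32\cmd.exe cmdline="cmd.exe"
2014-02-20T11:15:20 pid=501 ppid=500 image=C:\GnuPG\bin\gpg.exe cmdline="gpg.exe -r alice@example.com -e C:\Users\victim\Documents\contract.pdf"
"""


def parse_events(text):
    """Parse log lines into dicts; lines that do not match the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["pid"], e["ppid"] = int(e["pid"]), int(e["ppid"])
            events.append(e)
    return events


def encrypted_target(cmd):
    """Return the targeted-extension file named in a gpg encrypt command line, else None."""
    tokens = cmd.split()
    if not {"-e", "--encrypt"} & set(tokens):
        return None
    for tok in tokens:
        # ntpath handles backslash paths regardless of the analyst's host OS.
        if ntpath.splitext(tok)[1].lower() in TARGET_EXTS:
            return tok
    return None


def detect(events, min_files=3):
    """Flag a cmd.exe running a .bat whose gpg.exe children import a key and
    then encrypt at least `min_files` files with targeted extensions."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    alerts = []
    for ppid, kids in children.items():
        parent = by_pid.get(ppid)
        if parent is None or not parent["image"].lower().endswith("cmd.exe"):
            continue
        gpg_kids = [k for k in kids if k["image"].lower().endswith("gpg.exe")]
        key_import = any("--import" in k["cmd"].split() for k in gpg_kids)
        targets = [t for t in (encrypted_target(k["cmd"]) for k in gpg_kids) if t]
        if ".bat" in parent["cmd"].lower() and key_import and len(targets) >= min_files:
            alerts.append({
                "parent_pid": ppid,
                "script": parent["cmd"],
                "key_import": key_import,
                "target_files": targets,
            })
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_LOG)):
        print(f"ALERT pid={a['parent_pid']} script={a['script']!r} "
              f"encrypted {len(a['target_files'])} targeted files")
```

The rule deliberately requires three signals together (script-driven parent, a key import, and a burst of encrypt calls on targeted extensions) so that a user legitimately encrypting one PDF for a colleague, as in the pid 500 chain, does not fire it; the `min_files` threshold is the knob to tune against your own baseline of gpg usage.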
With all these freely available resources, anyone can develop effective ransomware and sell it cheaply in underground markets to buyers who lack advanced programming skills. This could lead to an increase in such threats.