Warning this article may contain opinions of the author that you and iTWire don't necessarily agree with. Don't let them get away with it - have your say with a comment!

No. 1 Story

Construction needs cloud flexibility

Australia’s embattled construction sector could benefit from cloud based information systems that can be switched on and off in lockstep with individual projects – with the exception of those organisations based in remote areas like the Kimberleys.

read more

More From

Popular Threads

Rubbishy ransomware wreaking new havoc on regular users

Alex Zaharov-Reutt
Wednesday, 27 January 2010 04:30

Opinion and Analysis

View Comments
Page 1 of 2
F-Secure is warning Windows users worldwide of a new ransomware trojan that silently encrypts your data, tells you your data has been corrupted, and tries selling you “data doctor” software to fix the corrupted files – when all it does it decrypt the data, in what is an almost perfect scam!

Uh-oh… the ravenous ravages of ridiculous ransomware have returned to wreak mental and financial havoc on unsuspecting Windows users, while leaving them none the wiser that a trojan has tricked them into emptying their wallets.

F-Secure APAC’s Senior Manager of “Security Response”, Wing Fei Chia, explains that: “When the W32/DatCrypt trojan infects a computer, it makes it seem as if some files, such as Microsoft Office documents, video, music and image files have been ‘corrupted’, when the files have in fact been encrypted by DatCrypt.

“Next the trojan creates what looks like an authentic message from Windows, advising the user to download and execute the ‘recommended file repair software’ called Data Doctor 2010,” says Chia.

Clearly using the hard-to-detect social engineering trick of appearing to be a legitimate Windows message in order to get users to download the recommended software solution, what is already bad news for affected Windows users only proceeds to get worse.

What happens next for users that download the Data Doctor 2010 utility, and then install it, is the appearance of another message that tells users that it can "only repair one file in unregistered version".

As F-Secure notes, in order to “repair”, or as they more accurately point out, “decrypt”, more than one solitary file, Data Doctor 2010 demands payment of US $89.95, at which point the users files are indeed decrypted, and normal access restored – although the w32/DatCrypt trojan likely remains, ready for new instructions whenever its masters decide they want more money, or want to change tack and get the trojan to do something else. 

Continued on page 2…


Start 1 2 Next 

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases