PandaLabs has uncovered a new ransomware strain: Sinowal.FY. This malicious code encrypts users’ files so that they cannot access them, and demands a ransom in exchange for a tool to decrypt the files as well as the decryption key.
When Sinowal.FY installs on the system, it encrypts every single document on the hard disk and creates a file called “read_me.txt” with the kidnapper’s demands. More precisely, the file includes a text demanding a $300 ransom for freeing the files.
Also, in order to speed up payment, the text sets a deadline for paying the ransom, claiming that otherwise, all data will be lost. However, this is not true, as the encrypted content remains on the computer.
This type of kidnapping is not new. The PGPCoder family of Trojans has a long record on the ransomware scene, with encryption techniques that have become more and more difficult to break. Another piece of malware, Ransom.A, threatened to delete a file every 30 minutes but set a considerably lower ransom: $10.99. Arhiveus.A was perhaps one of the oddest cases, as it did not ask users for money, but instead asked them to buy products from a certain online drugstore.