But the new malware goes even further in order to conceal itself, according to a report by security experts from IT company Emsisoft on the BleepingComputer website. The small script programs are used to download a photo into which a ZIP archive containing the actual malware is embedded. Thanks to the multiple levels of concealment, the malware goes virtually undetected by anti-virus software (AV).
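A defender's check for the concealment described above, as an added example that is not part of the Emsisoft report or the original article. It assumes the archive sits as raw ZIP bytes inside the downloaded image file (the article does not say how it is embedded); the function names and sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory signature
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}

def image_type(data):
    """Identify the carrier by magic bytes, not by file extension."""
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def find_embedded_zip(data):
    """Return member names of a ZIP hidden in image bytes, else None."""
    if image_type(data) is None:
        return None
    pos = data.rfind(EOCD_SIG)
    while pos != -1:
        if pos + 22 <= len(data):
            # EOCD is 22 bytes plus an optional comment (length at offset 20).
            comment_len = struct.unpack_from("<H", data, pos + 20)[0]
            end = pos + 22 + comment_len
            try:
                # zipfile tolerates leading non-ZIP data (the image itself).
                with zipfile.ZipFile(io.BytesIO(data[:end])) as zf:
                    return zf.namelist()
            except zipfile.BadZipFile:
                pass  # signature occurred by chance; keep searching backwards
        pos = data.rfind(EOCD_SIG, 0, pos)
    return None

def build_samples():
    """Constructed test data: a stub JPEG and the same stub carrying a ZIP."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32 + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("placeholder.txt", "benign constructed content")
    return jpeg, jpeg + buf.getvalue()

if __name__ == "__main__":
    clean, carrier = build_samples()
    print("clean image  :", find_embedded_zip(clean))
    print("carrier image:", find_embedded_zip(carrier))
```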
Files hit by the malware are encrypted and stored with the additional extension .KK. So far there is no known way of decrypting the files again. The blackmailers are requiring victims to pay a ransom of around USD 400 in bitcoins. But no one knows yet whether the files can actually be decrypted afterwards. The best protection against blackmail Trojans and other malware is still to make regular backups. Some vendors of security software have also developed special ransomware protection. But the same principle applies: never open email attachments from an unknown sender.