New Delhi: Cyber security sleuths have warned Indian Internet users against a potent Trojan virus in the social media and email circuit which stealthily encrypts important documents of the user and then asks for a `ransom` to unlock proprietary messages.
The audacity of the virus has been categorised as "severe" and cyber experts say such a malicious programme has been detected for the first time which asks for a ransom of an estimated Euro or USD 300 to unlock the genuine files of a user through "anonymous pre-paid cash vouchers".
Once activated in the user`s email or in the operating system, the virus jeopardises the overall security of the user`s classified information.
The number of incidents, perpetrated by the virus called `cryptolocker`, however, are low in India at present.
"An advisory has hence been issued to stop its prevalence and multiplying capability in Indian cyberspace," an expert cyber cop said.
The notorious malware has got as may as seven aliases to hide its original character in the cyberspace.
"It has been observed that the variants of malware family Win32/Trojan.Cryptolocker are spreading widely. Cryptolocker is spreading via malicious hyperlinks shared via spam emails, social media, malicious email attachments (fake FedEx and UPS tracking notices), drive-by-download or as a part of dropped file from other malwares.
"Cryptolocker encrypts files located within local drives, shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives using RSA public-key cryptography (2048-bit), with the private key stored only on the malware`s control servers," country`s premier cyber security agency-- Computer Emergency Response Team-India (CERT-In) said in its latest advisory to Internet enabled computer users.
"The virus goes on to `disable` infected system functioning and displaying message to user informing that files are encrypted and later demands payment against decryption key in order to decrypt the files, 300 USD or Euro through an anonymous pre-paid cash voucher (i.E. MoneyPak or Ukash), or 2 Bitcoin," it said.
Once a gullible Internet user makes the payment, the advisory said, the time limit is around 72-100 hours and then the private key (of the user) is destroyed on the server.
"Payment of the ransom allows the user to download the decryption program, which is pre-loaded with the user`s private key," it said.
The Trojan downloads encryption key by making a network connection to server names having the extensions like .Biz, .Co.Uk, .Com, .Info, .Net, .Org and .Ru.
The agency has suggested some counter-measures to keep systems safe from the virus attack which include steps like not downloading and opening attachments in emails received from untrusted users or unexpectedly received from trusted users.
"Exercise caution while visiting links to web pages, protect yourself against social engineering attacks, do not visit untrusted websites, enable firewall at desktop and gateway level and disable ports that are not required, avoid downloading pirated software, keep up-to-date patches and fixes on the operating system and application softwares and keep up-to-date antivirus and antispyware signatures at desktop and gateway level," the advisory issued to Internet users said.