The malware comes into computers through Internet downloads and as a part of dubious programs and utilities. Named as 'GPcode.ai', the Malware raises the current user rights to a higher level in order to modify files and to make changes in the Windows registry. GPcode.ai also injects itself into a legitimate Windows process to remain in the memory and avoid detection.

The ransomware then searches for more than 200 file types and encrypts them all! It also tries to send the stolen data to the remote attacker. What the victim of the attack is left with is hordes of garbage files, and a text file that reads as follows:

Hello, your files are encrypted with RSA-4096 algorithm
(http://en.wikipedia.org/wiki/RSA).

You will need at least few years to decrypt these files without our software.
All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.
To buy our software please contact us at ------------- and provide us
your personal code ----------- . After successful purchase we will send
your decrypting tool, and your private information will be deleted from our system.

"The claim about RSA-4096 is a bogus one as the encryption is done with a much simpler technology," points out Vikas Vishwasrao, Assistant Manager - R&D, MicroWorld Technologies. "But the false claim and the link to the RSA page on Wikipedia is clever Social Engineering, to make you part with your money at the earliest. Like most malware gangs today, the one behind this too is looking for some quick dollars".

Though a few cases of ransomware infections were reported last year, this is the first such significant incident in 2007. MayArchive.a was one such malware which directed users to buy pharmaceuticals worth $75 from a Russian website at virtual gunpoint. Another one named GpCode.af used an actual RSA algorithm for encrypting files.

Security experts are keeping a close watch on this tribe of malware. CEO of MicroWorld, Govind Rammurthy, says: "While one branch of malware programs is moving towards stealthier varieties and camouflaged techniques, this offshoot is a rather brazen variety which shows that cyber criminals can go to any levels in stealing your money. Surely, it also points to the need of backing up your data regularly and protecting your computer with a proactive, real-time Antivirus solution".