DOT data held for ransom

Pay up to see data on your hard drive, cybercrooks tell Transportation Department, others

The Transportation Department, Booz Allen Hamilton, Hewlett-Packard, Nortel Networks and Unisys have all recently had data on some desktop computers encrypted and held for ransom, a British Internet security provider charges.

In a blog post, Prevx researcher Jacques Erasmus writes that he has seen a new variant of malware that encrypts the contents of the user's hard drive and then displays a message offering to decrypt the drive for $300.

According to the company's technical analysis, the malware, called NTOS.exe, scours the hard drive for sensitive information, encrypts the drive and then uploads the content to a hidden drop site. Employees were tricked into downloading the spyware, which was embedded in e-mail messages or in advertisements for job listings, according to the company.
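The behaviour described above (files on disk replaced by ciphertext) leaves a crude but useful trace: encrypted data is close to uniformly random, so its byte entropy is near 8 bits per byte, while documents and source code sit well below that. The script below is an added example written for this page, not Prevx's tool or anything from the article. It scans a directory tree, skips files whose leading bytes identify them as already-compressed formats (which are legitimately high-entropy and would otherwise be false positives), and flags the rest when a sample of the file exceeds an entropy threshold. The 7.5-bit threshold, the 64 KB sample size, the magic-byte list and the sample files it creates are all assumptions chosen for the demonstration; a real deployment would also correlate flagged files with write timestamps and the process that wrote them.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes of formats that are high-entropy by design (assumed, illustrative list).
COMPRESSED_MAGIC = (
    b"PK\x03\x04",    # zip / docx / jar
    b"\x1f\x8b",      # gzip
    b"\xff\xd8\xff",  # jpeg
    b"\x89PNG",       # png
)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for ciphertext or random data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_known_compressed(head: bytes) -> bool:
    """True if the file starts with a magic number of a compressed/encoded format."""
    return any(head.startswith(m) for m in COMPRESSED_MAGIC)


def looks_encrypted(head: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: high entropy and not a recognised compressed format."""
    if is_known_compressed(head):
        return False
    return shannon_entropy(head) >= threshold


def scan_tree(root: str, threshold: float = 7.5, sample_bytes: int = 65536) -> list[str]:
    """Return sorted paths under root whose first sample_bytes look encrypted."""
    flagged = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    head = f.read(sample_bytes)
            except OSError:
                continue  # unreadable file; skip rather than abort the scan
            if looks_encrypted(head, threshold):
                flagged.append(path)
    return sorted(flagged)


def build_demo_dir() -> str:
    """Create a temp directory with constructed sample files (not data from the article)."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    with open(os.path.join(root, "report.txt"), "wb") as f:
        f.write(b"Quarterly budget summary, draft 3. Figures attached below.\n" * 200)
    with open(os.path.join(root, "report.txt.locked"), "wb") as f:
        f.write(os.urandom(16384))  # stands in for a ransomware-encrypted file
    with open(os.path.join(root, "backup.gz"), "wb") as f:
        f.write(b"\x1f\x8b" + os.urandom(4096))  # gzip magic: high entropy but legitimate
    return root


def demo() -> list[str]:
    """Scan the constructed directory and return basenames of flagged files."""
    root = build_demo_dir()
    return [os.path.basename(p) for p in scan_tree(root)]


if __name__ == "__main__":
    for name in demo():
        print("possible ciphertext:", name)
```

Entropy alone cannot distinguish ciphertext from any other random-looking blob, so the magic-byte skip list only trims the obvious false positives; the signal becomes actionable when a large number of files under one user's profile cross the threshold within a short window, which is the pattern a drive-encrypting payload produces.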

Prevx was able to examine the encrypted files uploaded to the drop site. The 6,317 files found there were tagged with Internet Protocol addresses, presumably the addresses from which they were uploaded. One file apparently originated from the Bladensburg, Md., office of the Transportation Department; after decrypting it, Erasmus found it contained 500 KB of sensitive data.

Other compromised computers are in the Washington and Alexandria, Va., offices of Booz Allen; the Palo Alto, Calif., offices of HP; and the Plano, Texas, offices of Nortel. Newswire service Reuters reports that Unisys suffered a data breach as well.

In the blog post, Erasmus chided makers of other anti-spyware software for failing to detect this malware. Prevx is working with the FBI to shut down the servers and is offering a service to decrypt infected computers.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
