Cryzip Trojan holds files for ransom
eWeek has the scoop on a new Trojan horse, dubbed Cryzip, which stores a user's files in password-protected Zip archives and leaves a ransom note demanding $300 for the key. Cryzip searches the victim's C: drive for 44 common file types, including .doc, .jpg, and .cpp. Those files are compressed as "filename_CRYPT_.ZIP" and the originals are overwritten with "Erased by Zippo! GO OUT!!!". Cryzip then leaves a text file named AUTO_ZIP_REPORT.TXT in the affected directory, giving users detailed instructions on how to register an e-gold account and pay $300 to obtain the archive passwords and recover their data.
Thankfully, infection reports are not widespread, so Cryzip will likely remain an insignificant threat to most users. Cryzip isn't even the first Trojan of this type. Last year, the Pgpcoder Trojan also held user data for ransom, although it only targeted 15 file types and demanded $200 for the encryption key.
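The three artifacts named above (the `_CRYPT_.ZIP` archives, the overwrite text, and AUTO_ZIP_REPORT.TXT) are enough to triage a disk for affected directories. The following is an added example, not code from eWeek or any vendor. It assumes the overwrite text sits at the start of each overwritten file and that archives are named after the original file. The function names and the demo tree are constructed for illustration.

```python
import os
from collections import defaultdict

# Indicators quoted in the write-up above.
NOTE_NAME = "AUTO_ZIP_REPORT.TXT"
ARCHIVE_SUFFIX = "_CRYPT_.ZIP"
MARKER = b"Erased by Zippo! GO OUT!!!"

def scan_tree(root):
    """Return {directory: {"note": bool, "archives": [...], "overwritten": [...]}}."""
    hits = defaultdict(lambda: {"note": False, "archives": [], "overwritten": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            upper = name.upper()
            if upper == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif upper.endswith(ARCHIVE_SUFFIX):
                hits[dirpath]["archives"].append(name)
            else:
                try:
                    with open(os.path.join(dirpath, name), "rb") as fh:
                        head = fh.read(len(MARKER))
                except OSError:
                    continue  # locked or unreadable file: skip it
                # Assumption: the marker text sits at the start of the file.
                if head == MARKER:
                    hits[dirpath]["overwritten"].append(name)
    return dict(hits)

def missing_archive(entry):
    """Overwritten files that have no matching archive in the same directory."""
    # Assumption: the archive is named after the original, with or without
    # its extension, followed by ARCHIVE_SUFFIX.
    stems = {a.upper()[:-len(ARCHIVE_SUFFIX)] for a in entry["archives"]}
    return [n for n in entry["overwritten"]
            if n.upper() not in stems and os.path.splitext(n)[0].upper() not in stems]

def build_demo_tree(root):
    """Constructed sample data: one affected directory and one clean one."""
    files = {
        "docs/report.doc": MARKER,
        "docs/report.doc_CRYPT_.ZIP": b"PK\x03\x04",
        "docs/photo.jpg": MARKER,
        "docs/AUTO_ZIP_REPORT.TXT": b"constructed note text",
        "clean/notes.txt": b"ordinary content",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Files returned by `missing_archive` are the ones to prioritise for restore from backup, since no archive copy of them was found beside the overwritten original.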