In May 2005, a trojan called PGPcoder was discovered in the wild by Websense Security Labs. The trojan's purpose was to encrypt a user's files, then demand a ransom for their decryption. Although this scheme seemed novel, it is actually predated by over 15 years, by a similar scam in 1989. LURHQ's Threat Intelligence Group has now discovered a third such scheme involving ransomware which we are calling Cryzip. Unlike PGPcoder, which used a custom encryption scheme (which was subsequently reverse-engineered by LURHQ), Cryzip uses a commercial zip library in order to store files inside a password-protected zip. Although the...