New ransomware trojan locks your files till you pay

There is a new type of ransomware showing up. It is similar to the FBI virus, but this one is a bigger threat. Its purpose is to lock up your office files until you pay up and get the decryption key.

Ransomware started popping up a few years ago with the FBI notification telling the end user that they would be subject to criminal prosecution if they did not pay a fine. From what we have uncovered about this new ransomware, it seems that once on the computer it creates two keys based on the computer's ID. It also creates a new copy of the file ctfmon.exe or svchost.exe and injects its own code into it. The first of the encryption keys is used to encrypt communications with the command and control server. But the second key is the one causing the issue.

The second key is encrypted by the first and sent to the “central server”. The server then determines which files should be locked up. The trojan goes to work locking up those files on the computer, using the second key to encrypt them. Once completed, it pops up a message asking you to pay up, and there is not much that can be done but to pay.
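One host-side check that follows from the behaviour described above, as an added example that is not part of the original post: flag any process named ctfmon.exe or svchost.exe whose image is not in the Windows system directories. The trusted directories (a default install is assumed), the constructed process records and the function names are assumptions made for this illustration.

```python
import ntpath

# File names the post says the trojan copies and injects its code into.
WATCHED = {"ctfmon.exe", "svchost.exe"}

# Assumption: default Windows install, where the genuine copies live only here.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample records (pid, image path); not taken from a real incident.
SAMPLE_PROCESSES = [
    (612, r"C:\Windows\System32\svchost.exe"),
    (1044, r"C:\Windows\System32\ctfmon.exe"),
    (2980, r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    (3120, r"C:\ProgramData\ctfmon.exe"),
    (3344, r"C:\Windows\System32\..\Temp\svchost.exe"),
    (4100, r"C:\Program Files\Editor\editor.exe"),
]


def is_suspicious(image_path):
    """True when a watched system binary name runs from an untrusted directory."""
    # normpath collapses "..", so a path cannot pose as System32 by traversal.
    norm = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(norm)
    return name in WATCHED and directory not in TRUSTED_DIRS


def find_suspicious(processes):
    """Return the (pid, path) records that should be investigated."""
    return [(pid, path) for pid, path in processes if is_suspicious(path)]


if __name__ == "__main__":
    for pid, path in find_suspicious(SAMPLE_PROCESSES):
        print(f"ALERT pid={pid} image={path}")
```

Feed it (pid, image path) pairs from whatever process inventory you already collect. It will not catch code injected into a genuine copy that stays in its original location.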

Currently Kaspersky, Trend and a couple of other major companies are working on a fix for this ransomware. But until it comes, make sure you back up those files you can't do without.
