First Posted: 7/30/2012 5:04:57 PM | Last Updated: 7/30/2012 5:04:58 PM
Nasty Trojan that encrypts your files
13 April 2012
There is a lot of nasty malware out there and a new one popped up this week. This particular malware is a Trojan and the idea behind it is not new though the Trojan now has new and improved ways to spread. Unsuspecting users can be infected by the Trojan by clicking on infected links, particularly in forums.
This Trojan is a ransomware that encrypts your files (documents, image and shortcut files) and demands a password to decrypt the files. This password is available for the small price of €50. If the user attempts to enter a password, he will get five attempts before the files are locked and sealed, impossible to decrypt. The Trojan is called Trojan:W32/Ransomcrypt. Once the files have been encrypted, the EnCiPhErEd ending is added to their file name. A text message is displayed, offering the user to enter a password. If the password is wrong (which it of course is because the user has no idea what it could be), another text message appears that offers the release of the encrypted files after the ransom has been paid. F-PROT Antivirus users will be happy to know that a virus definition for this infection has already been released. F-PROT Antivirus users with updated programs should be safe from this malicious Trojan.
To avoid infection of this type, we encourage users to avoid clicking on suspicious links and never to enter their credit card number or transfer money after a mysterious pop-up message from a product or service that you did not request is displayed on their computer. Installing and using a good antivirus is also essential. Also, and this can not be said too many times, it is absolutely vital to have a back up of all files, photos and documents. Regularly take a back up of all your computer data and store it in a safe place.
If you have further questions or believe you have been infected by this Trojan, do not hesitate to contact us.
firstname.lastname@example.org / email@example.com
t. +354 540 7400 / Facebook: F-PROT Antivirus