Your local computer technicians

New ransom virus encrypts your files unless you pay

New ransom virus encrypts your files unless you pay

2nd December, 2010
|

Details of a new virus spreading through PDF files, that renders your information unreadable unless you pay them for a fix. Learn more about it and how to prevent it.

Computer Troubleshooters franchisees have reported seeing computers at the mercy of the latest virus, which holds your information to ransom.

The symptoms include your computer’s desktop turning white with the following message:

Attention!!!! All your personal files were encrypted with a strong algorythm RSA-1024 and you can’t get an access to them without making of what we need!
Read ‘How to decrypt’ txt-file on your desktop for details Just do it as fast as you can!
Remember: Don’t try to tell someone about this message if you want to get your files back! Just do all we told.

The virus ‘Trojan.Ransom-U’ does indeed encrypt your files and tells you to wire transfer $120 and email datafinder@fastmail.fm for a fix. It also threatens to delete your files permanently if you seek outside help. The ransom note is contained in the How to decrypt files.txt file on your desktop.

Your virus scanning software may detect a strangley named executable file (.exe), where the name is a random string of numbers and/or letters.

At the moment, there is no known way to clean or un-encrypt your files. The only recovery steps are to turn off Windows System Restore, scan and clean your computer in safe mode and restore your files from your last known-working backup.

If you are fortunate enough to be reading this BEFORE your own PC has become a victim, follow the advice of Lloyd Borrett from AVG to secure your Adobe Acrobat PDF Reader software with a few simple changes to its settings:
http://www.avg.com.au/news/avg_protect_your_pcs_against_adobe_reader_security_flaws/

Also, take the time to confirm that your computer’s backup is working correctly, as restoring your files from your backup may be your only option to recover from Ransom-U.