Virus alert: ransom-demanding Trojan on the loose on the Internet

A new and destructive piece of malware is spreading rapidly across the Internet and infecting computers. Users of infected computers are in danger of losing their personal files forever, and forever is meant literally. The malware, known as CryptoLocker, was discovered recently by security researchers and is mostly targeting corporate organizations. Strictly it is a Trojan rather than a virus: it does not spread by itself but is carried in by the user. The infection was originally spread via e-mails that pretend to be customer-support messages from courier companies such as FedEx, UPS and DHL. There are also reports of PCs being infected through hyperlinks shared via social media and through Trojans that pose as programs supposedly required to view online videos on porn sites.

How it works

These e-mails carry an attachment which, when opened, runs the Trojan. Once on your computer it copies itself into the user's profile folder (Documents and Settings on Windows XP, Users on later versions) and adds itself to the list of programs that load automatically every time you log on, so it survives a reboot.

Once the infection is active on your computer it scans your drives, local and network alike (mapped network drives included), and holds your files hostage by encrypting them with a combination of RSA and AES: each file is encrypted with a symmetric AES key, and that key is in turn encrypted with an RSA public key whose matching private key is held only by the criminals. The targeted files are types commonly found on most PCs. The list of targeted patterns follows; the wildcards are Windows-style, `*` standing for any run of characters and `?` for exactly one, so `????????.jpg` matches only JPEGs with an eight-character name (typical camera output) rather than every JPEG on the disk:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.
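The wildcards matter when judging exposure: a plain `*.jpg` is absent from the list, while `*.pfx`, `*.p12` and `*.pem` (private keys and certificates) are present. To see what an infection would actually reach, the following added example (written for this page; it is not code from the alert or from the Trojan) turns the list above into a matcher and walks a directory tree, tallying files and bytes at risk per pattern. It assumes Go is available and that `filepath.Match` wildcards behave like the Windows ones for these patterns; run it against a mapped network drive under an ordinary user's account. The names `IsTargeted`, `Inventory` and `Exposure` are mine.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// Target patterns exactly as listed in the alert. The wildcards are
// Windows-style: '*' matches any run of characters and '?' exactly one,
// so "????????.jpg" only matches JPEGs whose base name is eight characters
// long (camera output such as DSC_0001.jpg), not every JPEG on the disk.
var targetPatterns = []string{
	"*.odt", "*.ods", "*.odp", "*.odm", "*.odc", "*.odb",
	"*.doc", "*.docx", "*.docm", "*.wps",
	"*.xls", "*.xlsx", "*.xlsm", "*.xlsb", "*.xlk",
	"*.ppt", "*.pptx", "*.pptm", "*.mdb", "*.accdb", "*.pst",
	"*.dwg", "*.dxf", "*.dxg", "*.wpd", "*.rtf", "*.wb2", "*.mdf", "*.dbf",
	"*.psd", "*.pdd", "*.eps", "*.ai", "*.indd", "*.cdr",
	"????????.jpg", "????????.jpe", "img_*.jpg",
	"*.dng", "*.3fr", "*.arw", "*.srf", "*.sr2", "*.bay", "*.crw", "*.cr2",
	"*.dcr", "*.kdc", "*.erf", "*.mef", "*.mrw", "*.nef", "*.nrw", "*.orf",
	"*.raf", "*.raw", "*.rwl", "*.rw2", "*.r3d", "*.ptx", "*.pef", "*.srw", "*.x3f",
	"*.der", "*.cer", "*.crt", "*.pem", "*.pfx", "*.p12", "*.p7b", "*.p7c",
}

// IsTargeted reports whether a file name matches one of the patterns and
// returns the first pattern that matched. Matching is case-insensitive,
// because Windows file names are.
func IsTargeted(name string) (bool, string) {
	lower := strings.ToLower(filepath.Base(name))
	for _, pat := range targetPatterns {
		if ok, err := filepath.Match(pat, lower); err == nil && ok {
			return true, pat
		}
	}
	return false, ""
}

// Exposure tallies the files at risk under one pattern.
type Exposure struct {
	Files int
	Bytes int64
}

// Inventory walks root and tallies every file the Trojan would encrypt,
// keyed by the pattern that matched. Unreadable entries are skipped.
func Inventory(root string) (map[string]Exposure, error) {
	out := map[string]Exposure{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.IsDir() {
			return nil // skip unreadable entries and directories, keep walking
		}
		hit, pat := IsTargeted(d.Name())
		if !hit {
			return nil
		}
		info, err := d.Info()
		if err != nil {
			return nil
		}
		e := out[pat]
		e.Files++
		e.Bytes += info.Size()
		out[pat] = e
		return nil
	})
	return out, err
}

func main() {
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1] // e.g. a mapped drive letter such as Z:\
	}
	inv, err := Inventory(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "walk failed:", err)
		os.Exit(1)
	}
	pats := make([]string, 0, len(inv))
	for p := range inv {
		pats = append(pats, p)
	}
	sort.Strings(pats)
	var files int
	var size int64
	for _, p := range pats {
		fmt.Printf("%-14s %6d files %12d bytes\n", p, inv[p].Files, inv[p].Bytes)
		files += inv[p].Files
		size += inv[p].Bytes
	}
	fmt.Printf("total at risk under %s: %d files, %d bytes\n", root, files, size)
}
```

The per-pattern breakdown is the useful part: a large `*.pst` or `*.pfx` tally on a share means mailboxes or private keys are one phishing click away from encryption, which is a stronger argument for restricting write access than the raw file count.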

Once your files are encrypted, the Trojan displays a screen with instructions on how to get them back by paying a ransom of 100 or 300 USD/EUR. Payment can be made via Bitcoin, Ukash, cashU or MoneyPak. The screen also shows a countdown: pay within 100 hours or the files are lost forever, after which, in the criminals' words, "nobody and never will be able to restore files".
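Why removing the Trojan afterwards does not give the files back: the RSA-plus-AES scheme described above is hybrid encryption, and the RSA private key never reaches the victim's machine. The following added example (mine, written for this page; not the Trojan's code, and the AES-GCM mode, 256-bit file key and 2048-bit RSA key are my choices for the illustration rather than a claim about the malware's exact parameters) shows the mechanism in Go: each file gets a fresh AES key, that key is wrapped with the RSA public key, and unwrapping with any other private key fails. The function names and the sample document are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Locked is what remains for one file after encryption: the ciphertext,
// the GCM nonce and the per-file AES key wrapped under the attacker's RSA
// public key. Nothing in it lets the victim recover the plaintext.
type Locked struct {
	WrappedKey []byte // RSA-OAEP(fileKey) under the attacker's public key
	Nonce      []byte
	Ciphertext []byte
}

// GenerateAttackerKey models the key pair the criminals hold for a victim.
// The public half is given to the Trojan; the private half stays on their server.
func GenerateAttackerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Lock encrypts one file's contents with a fresh 256-bit AES key and wraps
// that key with the RSA public key. The raw file key is never stored; once
// this function returns, only the wrapped copy exists.
func Lock(pub *rsa.PublicKey, plaintext []byte) (*Locked, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Locked{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// Unlock is the step only the private-key holder can perform: unwrap the
// file key, then decrypt the file. With any other private key the OAEP
// check fails and the file key is never recovered.
func Unlock(priv *rsa.PrivateKey, l *Locked) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, l.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, l.Nonce, l.Ciphertext, nil)
}

func main() {
	attacker, err := GenerateAttackerKey()
	if err != nil {
		panic(err)
	}
	doc := []byte("Q3 board minutes (constructed sample document)")
	locked, err := Lock(&attacker.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	// The victim's position: the Trojan is gone, the wrapped key is on disk,
	// but a different private key (or none at all) cannot open it.
	someoneElse, _ := GenerateAttackerKey()
	if _, err := Unlock(someoneElse, locked); err != nil {
		fmt.Println("victim:", err)
	}
	// The criminals' position after payment: the real private key unwraps it.
	plain, err := Unlock(attacker, locked)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key holder: %s\n", plain)
}
```

The point for responders is in `Unlock`: everything needed to decrypt is deterministic once the private key is present, and nothing on the victim's disk substitutes for it. Anti-virus can delete the Trojan binary; it cannot manufacture that key.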



What can you do?

Unfortunately, there is currently no way to free your files once they have been encrypted. Your anti-virus may detect and remove the Trojan when you scan the computer, but it cannot restore your files: the private key that unwraps each file's encryption key never left the criminals' server, so removing the malware changes nothing for the data. Do not delete the encrypted files, since they can only become recoverable if that key material is ever obtained. Prevention, in this case, is surely better than cure. Below are suggested preventive measures:

  • Keep your system and software up to date
  • Ensure you have a properly configured firewall
  • Make sure your anti-virus is active and up to date
  • Avoid opening attachments you weren't expecting, or from people you don't know
  • Block programs from running out of the user profile folder (AppData and Temp) with Software Restriction Policies or AppLocker; the Trojan installs and launches itself from there
  • Give users write access only to the network shares they actually need: the Trojan encrypts every mapped drive the logged-on user can write to
  • Make regular backups and store them offline. System Restore points and shadow copies sit on the same disk as the files and are not a substitute for a backup, and a backup on a permanently connected USB drive or mapped share will be encrypted along with everything else

Categories: Corporate Security, Cyber Crime


2 replies »

  1. Hmmnn dis is scary o…ransom ke? I hope these criminals are caught soon.


