Last week, SophosLabs saw new ransomware samples employing this technique. On infection, the malware searches for specific types of files (using a list of over 110 file extensions; .doc, .jpg, .pdf, etc.), encrypts them, and renames the now unreadable file with a .BLOCKAGE extension. The following ransom message is then displayed to the user:
Bold part is by me
The scary part here is that they aren’t lying when they say that only they can decrypt your files. In fact, the malware makes use of some nifty public-key cryptography which is the same “one-way” (asymmetric) encryption that lets you safely shop online and access online banking.
Paying the ransom is not recommended, and doesn’t even guarantee you will get your files decrypted. To me, this only emphasises the importance of having up-to-date anti-virus, and regular backups of important documents - just in case.
Nothing super new here; we've seen encryption being used in New ransomware called Anti-Child Porn Spam Protection. The main difference is that this one is via being hacked and the first one is via a malware infection.
Backup, Backup, Backup. Keep in mind that if your backup is attached and active it will be encrypted or wiped too.
This is why I back up important things to an external hard drive and an optical drive, DVD or Blu-ray depending on how much I'm backing up, as well as leaving the files on the computer. I also turn off my external drive when not using it.
Edited by rotor123, 14 September 2012 - 10:44 AM.