The ransom note states:
Warning! Your have a computer found pirated content! All your files encrypted! To decrypt files you need visit the site http://str.fulba.com and follow the instructions posted on it. If the site is for some reason unavailable refer to the firstname.lastname@example.org. Your id 123456.
You can enter a password 5 times. Above this limit, all files will be deleted! Independent attempts to decrypt the data can to lead to their loss.
It will then display a password prompt as shown below.
The ransom payment sites are regionally localized to show you the ransom instructions in your language. The site determines the language based on the IP address of the visitor. An example of the US ransom payment site is below.
Finally, this ransomware will change your Windows wallpaper to a fake message that states:
CONTENT Blocked by SOPA PIPA under authority granted by H.R. 3261 & S.968
With that said, for those who are infected with this Sopa/Pipa/International Police Association/Crap ransomware, you can easily decrypt your files by downloading and running Nathan Scott's decrypter. It should be noted that some anti-virus programs detect this infection based on its file modification abilities, and because the decrypter uses the same abilities, some AV programs may detect the decrypter as malicious. This is a false positive, but if you are concerned about the safety of the decryption tool, you can always copy your encrypted data to a virtual machine and run the decrypter from there.
The decrypter can be downloaded from this link: http://download.bleepingcomputer.com/Nathan/StopPirates_Decrypter.exe
Once you start the decrypter, you need to enter the 6-digit identifier assigned to your files, select a folder to scan, and then click on Decrypt to decrypt your files. When using the tool, it is suggested that you select the root of the drive, such as C:\, and let the decrypter recursively scan your entire drive. If you find that some files, most likely shortcuts, are not being decrypted properly, you should run the program with Administrator privileges.
As always, if you have any questions, please feel free to post them here.
Known Related Ransomware Files:
%Temp%\<random>.exe
%Temp%\ag.exe
%Temp%\<random>.bmp
%Temp%\in.js
%Temp%\services.exe
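
A triage check for the file names listed above, as an added example that is not part of the original article or of Nathan Scott's decrypter. It reports the fixed names found directly in a Temp folder with their SHA-256 and, as an assumption about how to handle the <random> entries, lists any other .exe or .bmp file there for manual review.

```python
import hashlib
import os
from pathlib import Path

# Fixed file names from the "Known Related Ransomware Files" list above.
FIXED_NAMES = {"ag.exe", "in.js", "services.exe"}
# The list also has <random>.exe and <random>.bmp, which cannot be matched by
# name, so any other .exe/.bmp directly in Temp is reported for manual review
# (an assumption of this example, not a rule from the article).
REVIEW_EXTENSIONS = {".exe", ".bmp"}


def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_temp(temp_dir):
    """Return (known, review): lists of (file name, sha256) found in temp_dir."""
    known, review = [], []
    for entry in sorted(Path(temp_dir).iterdir()):
        if not entry.is_file():
            continue
        if entry.name.lower() in FIXED_NAMES:  # Windows names ignore case
            bucket = known
        elif entry.suffix.lower() in REVIEW_EXTENSIONS:
            bucket = review
        else:
            continue
        try:
            digest = sha256_of(entry)
        except OSError:
            digest = None  # locked or unreadable file is still reported
        bucket.append((entry.name, digest))
    return known, review


if __name__ == "__main__":
    # %Temp% resolves per user, so run this once for each affected account.
    known, review = scan_temp(os.environ.get("TEMP", "."))
    for label, rows in (("KNOWN NAME", known), ("REVIEW", review)):
        for file_name, digest in rows:
            print(f"{label:10}  {digest}  {file_name}")
```

A name match is only a lead for further inspection, since legitimate installers also leave .exe files in Temp.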