The proprietor of the local shop indicated this ransomware was particularly nasty and probably originated in Russia or China. The ransom was to be paid in bitcoin. Apparently, PDF files are a particular target for embedding the ransomware.
I noticed the machine slowed down, ai88 showed in the tray, and the ransom message appeared on the screen. I did not believe that ComboFix was an appropriate solution for removal of ransomware, so I took the machine in.
For the benefit of others, does SUPERAntiSpyware and/or Malwarebytes detect ransomware embedded in PDF and other files? Has anyone in the hack community attempted to trace down the authors or users of this ransomware and attempted to disable their machines and/or internet access? This assumes that the government(s) in host states where the ransomware is issued are uncooperative.
Has anyone on this forum encountered the ai88 ransomware? In the event the local shop is unable to deal with the ransomware, what fixes are recommended?
Edited by computerxpds, 23 May 2015 - 11:15 AM.
Deactivated hotlink to potentially malicious website