I just noticed that many of my system files were changed earlier this morning. The file extensions are being changed to .ptysasj and I found CTB-Locker bitmap and text file notices on my computer.
The files are named:
Here's a summary of my situation:
Machine: Dell XPS 64-bit Windows 7 Home
File extensions changed to: PTYSASJ
File types left on machine: !Decrypt-All-Files-ptysasj.BMP and !Decrpyt-All-Files-ptysasj.txt
One main difference I have noticed with this attack/variant from Cryptorbit is that the files corrupted were system files and application necessary files. For example, this variant actually went and appended the PTYSASJ extension to several components of my Python 3.1 installation. All my Python Lib files/components now have the .PY.ptysasj extension.
It also seemed to single out all my C++ and C# source and header files.
Cryptorbit changed the extensions of all my JPEG, BMP, DOC, PDF, TXT, XLSX, PPT, XLS files. However, so far this ptysasj has not touched my TXT, JPEG, or PDF files, only some of my .DOCX/.DOC files and many of my system files.
I managed to clean my computer from the previous Cryptorbit infection from 2 years ago. Unfortunately my computer was hit just yesterday.
Attached is a screenshot of the ransom bitmap left.
Is there any fix for corrupted files?
Edited by hamluis, 18 October 2015 - 07:11 AM.
Moved from Am I Infected to Gen Security - Hamluis.