Based on the HiddenTear project, this ransomware encrypts files with AES-256, and appends ".locked" to the file extension.
The ransom note is titled "WindowsUpdate.locked", and shows the following message.
All your files are now under my rule, Pay me some Bitconis and make them yours
The infection is a fake bank statement file titled "Bank_Account_Summary.pdf.exe" that may come in through emails.
The payment site is a fake CryptoWall page: http://188.8.131.52/cryptowall
One interesting behaviour is it will try to ping the above site; if any of 10 pings fail, it will show a message.
Are you trying to fool me? Connect me to the Internet ;)
If anyone has been hit by this ransomware, please share a few sample encrypted files via PM. I may have a way to decrypt the files, but would like to confirm with some samples before officially stating that it will work.
Edited by quietman7, 30 August 2016 - 07:19 AM.
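The file-name indicators described in the post above (the ".pdf.exe" lure, the ".locked" extension and the "WindowsUpdate.locked" note) can be turned into a simple triage check for attachment logs or directory listings. This is an added example, not part of the original post; the extension lists, function names and sample names are assumptions for illustration, and the lure check generalizes from ".pdf.exe" to any document extension followed by an executable one.

```python
import os

# Assumed extension lists for illustration; tune to your environment.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ENCRYPTED_EXT = ".locked"            # extension reported in the post
NOTE_NAME = "windowsupdate.locked"   # ransom note name reported in the post

def normalize(name):
    """Lower-case the base name and drop trailing dots/spaces, which Windows ignores."""
    return os.path.basename(name.replace("\\", "/")).rstrip(". ").lower()

def is_double_extension_lure(name):
    """True for names like 'report.pdf.exe': document extension, then executable one."""
    stem, last = os.path.splitext(normalize(name))
    _, inner = os.path.splitext(stem)
    return last in EXEC_EXTS and inner in DECOY_EXTS

def classify(name):
    """Return 'lure', 'ransom_note', 'encrypted' or None for a single file name."""
    base = normalize(name)
    if is_double_extension_lure(base):
        return "lure"
    if base == NOTE_NAME:
        return "ransom_note"
    if base.endswith(ENCRYPTED_EXT):
        return "encrypted"
    return None

def triage(names):
    """Group file names (attachment list or directory listing) by finding type."""
    findings = {"lure": [], "ransom_note": [], "encrypted": []}
    for name in names:
        kind = classify(name)
        if kind:
            findings[kind].append(name)
    return findings

# Constructed sample input: names as they might appear in a mail log or file listing.
SAMPLE = [
    "Bank_Account_Summary.pdf.exe", "Statement.PDF.EXE ",
    "C:\\Users\\a\\Desktop\\WindowsUpdate.locked",
    "C:\\Users\\a\\Documents\\budget.xlsx.locked",
    "invoice.pdf", "setup.exe",
]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind, hits)
```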