One of our customers has been infected with ransomware which we suspect is a new type.
The odd thing is that this variant doesn't change the file extension, but causes something which prevents it from being opened.
Luckily, our customer noticed the problem in time and terminated the encryption process midway by logging off, saving some of the data.
As someone here already mentioned, this is indeed the Teslacrypt 4.0.
The difference, though, is that the extensions aren't changed.
Since the extensions aren't changed, we have to resort to other methods of finding which files are encrypted and which aren't, like checking the modified date.
We somehow managed to obtain 2 files of the virus, which we submitted to malwr.com.
The scary thing about this one is that it doesn't get detected by our malware scanners; it even got through our Sophos firewalls.
This means that at the time this was written, virus scanners are unreliable in detecting this one and you have to do all the cleaning manually.
I'm going to fire up Caine later and check them out; time to make myself useful.
Edited by Tsubakura, 22 March 2016 - 04:54 PM.
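One way to do the triage the post describes (flag files by modified date, and additionally by whether a file's magic bytes still match its unchanged extension), as an added example that is not the poster's code or any tool's; the magic-byte table, the incident window and the sample tree are constructed assumptions:

```python
import os
import tempfile
from pathlib import Path

# Constructed magic-byte table (assumption about the affected file types).
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
         ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff"}

def header_ok(path):
    """True/False if the header matches the extension's magic, None if unknown."""
    sig = MAGIC.get(Path(path).suffix.lower())
    if sig is None:
        return None
    with open(path, "rb") as f:
        return f.read(len(sig)) == sig

def find_suspect_files(root, start_ts, end_ts):
    """Map path -> reason for files to restore: modified inside the incident
    window, or magic bytes no longer matching the (unchanged) extension."""
    suspects = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            try:
                mtime = os.stat(p).st_mtime
            except OSError:
                continue  # unreadable entry: skip rather than abort the sweep
            in_window = start_ts <= mtime <= end_ts
            if header_ok(p) is False:
                suspects[p] = "header mismatch" if in_window else \
                    "header mismatch (mtime outside window)"
            elif in_window:
                suspects[p] = "modified in window"
    return suspects

def demo():
    """Constructed sample tree: intact .docx, overwritten .docx, a .txt
    touched during the window (1500..3000) and an untouched older .pdf."""
    root = tempfile.mkdtemp()
    files = {"ok.docx": (b"PK\x03\x04" + b"\0" * 32, 1000),
             "hit.docx": (b"\x8a\x11\xfe\x02garbage", 2000),  # header destroyed
             "notes.txt": (b"plain text", 2500),
             "old.pdf": (b"%PDF-1.4 ...", 500)}
    for name, (data, mtime) in files.items():
        p = os.path.join(root, name)
        with open(p, "wb") as f:
            f.write(data)
        os.utime(p, (mtime, mtime))  # set mtime so the window check is exercised
    found = find_suspect_files(root, 1500, 3000)
    return {os.path.basename(k): v for k, v in found.items()}
```

Files flagged "header mismatch" are the ones the post describes: name intact, content unreadable; the timestamp window catches the rest, and anything flagged is a restore-from-backup candidate rather than something to open.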