There is a new type of ransomware showing up. Similar to the FBI virus, this on is a bigger threat. Its purpose is to lock up your office files until you pay up and get the decryption key.
Ransomeware started popping up a few years ago with the FBI notification telling the end user that they will be subject to criminal prosecution id the did not pay a fine. From what we have uncovered about this new ransomeware, it seems once on the computer it creates two keys based on the computers ID. It also creates a new copy of a file ctfmon.exe or svchost.exe and injects it own code into them. The first of the encryption keys is used to encrypt communications with the command and control server. But the second key is the one causing the issue.
The second key is encrypted by the first, and sent to the “central server”. The server then determines which files should be locked up. It goes to work locking up files on the computer it then uses the second key to encrypt them. Once completed it pops up a message asking you to pay up and there is not much that can be done but to pay.
Currently Kaspersky, Trend and a couple of other major companies are working on a fix for this ransomware. But until it comes make sure you backup those files you cant do without.
