European Trojan Locks Up Systems

Friday, March 15, 2013 @ 03:03 PM gHale

A new Trojan campaign called Trojan.ArchiveLock is targeting users from France and Spain.

The malware spreads via brute-force attacks against the RDP protocol. Once it infects a computer, the threat copies the console version of WinRar into a local folder, empties the Recycle Bin, deletes backups and creates a list of files that will end up encrypted, said researchers at Doctor Web.

After this, the files are archived into a password-protected file, and the originals are deleted with a special utility, the researchers said.

Once the files are encrypted, the victim receives a warning message offering the password for the archive in exchange for $5,000.

Victims of Trojan.ArchiveLock should not pay the ransom, the researchers said. Experts also advise them not to delete any files or reinstall the operating system.

Doctor Web provides a free service to help users recover their files.
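
For defenders, the RDP brute-force entry point described above appears in the Windows Security log as a burst of failed logons (event 4625) from one source, and a successful logon (4624) straight after such a burst is the case to escalate. The following Python code is an added example, not from Doctor Web or the original article; the event tuples, addresses, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types that carry RDP authentication: 10 = RemoteInteractive,
# 3 = Network (how RDP logons appear when Network Level Authentication is on).
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source: {"peak_failures": n, "success_after": bool}} for every
    source with at least `threshold` failed logons inside `window`."""
    recent = defaultdict(deque)  # source -> failure timestamps still in window
    findings = {}
    for ts, event_id, logon_type, src in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()  # forget failures older than the window
        if event_id == 4625:  # failed logon
            failures.append(ts)
            if len(failures) >= threshold:
                hit = findings.setdefault(
                    src, {"peak_failures": 0, "success_after": False})
                hit["peak_failures"] = max(hit["peak_failures"], len(failures))
        elif event_id == 4624 and len(failures) >= threshold:
            # A success right after a burst of failures: likely guessed password.
            findings[src]["success_after"] = True
    return findings

# Constructed sample data: (time, event ID, logon type, source address).
T0 = datetime(2013, 3, 15, 2, 0, 0)
SAMPLE_EVENTS = (
    # Burst of 8 failures, then a success: brute force that worked.
    [(T0 + timedelta(seconds=5 * i), 4625, 10, "192.0.2.10") for i in range(8)]
    + [(T0 + timedelta(seconds=45), 4624, 10, "192.0.2.10")]
    # Burst of 6 failures via NLA, no success: brute force still in progress.
    + [(T0 + timedelta(seconds=10 * i), 4625, 3, "203.0.113.5") for i in range(6)]
    # Two typos and a success: an ordinary user, below the threshold.
    + [(T0 + timedelta(seconds=60 + 20 * i), 4625, 10, "198.51.100.7") for i in range(2)]
    + [(T0 + timedelta(minutes=2), 4624, 10, "198.51.100.7")]
    # Console logon failures (type 2) are not RDP and are ignored.
    + [(T0 + timedelta(seconds=i), 4625, 2, "192.0.2.99") for i in range(10)]
)

if __name__ == "__main__":
    for src, hit in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, hit)
```
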