A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #3757  by egomoo
 Mon Nov 29, 2010 5:12 am
Researchers at SophosLabs are analysing a new ransomware attack that appears to have hit computer users via a drive-by vulnerability on compromised websites.

Malicious hackers are spreading the ransomware, which encrypts media and Office files on victim’s computers, in an attempt to extort $120. In a nutshell – you can’t access your files because the malicious code has encrypted them (in our observations, the whole file isn’t encrypted – just the first 10% or so), and the hackers want you to pay the ransom if you want your valuable data back.

The attack, which Sophos detects as Troj/Ransom-U, changes your Windows desktop wallpaper to deliver the first part of the ransom message.
Attention!!!

All your personal files (photo, documents, texts, databases, certificates, kwm-files, video) have been encrypted by a very strong cypher RSA-1024. The original files are deleted. You can check this by yourself – just look for files in all folders.
Any samples?
 #3997  by kiskav
 Wed Dec 15, 2010 1:02 am
One of my users got this issue. This thingie renamed most of the files with the .encoder extension. Hope none of the AV vendors has a fix for this...

Kaspersky says that this ransomware would have overwritten all the files. So, is there any way to revert the files back to their original state?