ArchiveLock Trojan Uses WinRAR to Encrypt the Files of Users from Spain and France

Victims are told to pay $5,000 (3,900 EUR) if they want their files back

March 14th, 2013 14:52 GMT

Doctor Web experts have identified a new Trojan campaign that’s mainly targeting users from France and Spain. 

The malware, Trojan.ArchiveLock, spreads via brute-force attacks against RDP. Once it infects a computer, the threat copies the console version of WinRAR into a local folder, empties the Recycle Bin, deletes backups and creates a list of files that will be encrypted.

After this is done, the files are archived into a password-protected file, and the original files are deleted by a special utility.

Once the files are encrypted, the victim is shown a warning message offering the password for the archive in exchange for $5,000 (3,900 EUR).

Victims of Trojan.ArchiveLock are advised not to pay the ransom. Experts also advise them not to delete any files or reinstall the operating system.

Doctor Web provides a free service to help users recover their files. If your computer has been infected with the malware, submit a ticket here under the “request for curing” category.
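Since the infection vector described above is password guessing against RDP, the following added example (not from the article or from Doctor Web) shows one way to flag it in Windows Security log data: many failed logons (event 4625) from one source in a short window, escalated when a successful logon (4624) from the same source follows. The sample records, threshold, window and field layout are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log event IDs
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive; 3 = Network (seen with NLA)

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample records: (time, event id, logon type, source IP, account).
# One source guesses passwords every 5 seconds and then gets in; another is a
# legitimate user who mistypes a password once.
SAMPLE_EVENTS = (
    [(parse_time(f"2013-03-14 02:00:{i * 5:02d}"), FAILED, 10, "203.0.113.7", "Administrator")
     for i in range(8)]
    + [(parse_time("2013-03-14 02:00:50"), SUCCESS, 10, "203.0.113.7", "Administrator"),
       (parse_time("2013-03-14 09:00:00"), FAILED, 10, "198.51.100.20", "alice"),
       (parse_time("2013-03-14 09:00:30"), SUCCESS, 10, "198.51.100.20", "alice")]
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per source IP with >= threshold failures inside the window."""
    recent = defaultdict(deque)  # source IP -> failure timestamps still inside the window
    alerts = {}                  # source IP -> alert record
    for when, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == FAILED:
            failures = recent[src]
            failures.append(when)
            while when - failures[0] > window:   # drop failures older than the window
                failures.popleft()
            if len(failures) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first_alert": when, "success_after": None}
        elif event_id == SUCCESS and src in alerts and alerts[src]["success_after"] is None:
            # A logon that succeeds after a guessing burst is the high-priority case.
            alerts[src]["success_after"] = (when, account)
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert whose `success_after` field is set means the guessing probably worked, so the host should be isolated and checked before files are archived and backups removed.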
Warning message displayed by Trojan.ArchiveLock