Three independent security firms have come across a dangerous piece of ransomware that encrypts all the important files it finds on a computer, demanding a €50 (&60) fine for the password that’s needed to decrypt them.
and Doctor Web
experts all came across the nasty piece of malware that accuses the victim of utilizing “illegal programs.”
Detected by Bitdefender as Trojan.Ransom.HM
, the malicious element scans the system for HTML, PDF, txt and multimedia files, encrypting them and replacing their original extensions with .EnCiPhErEd
Once all the files are encrypted, a text called "HOW TO DECRYPT FILES.txt” is placed in all the folders, containing instructions on how to free
“Attention! All your files are encrypted! You are using unlicensed programms! To restore your files and access them, send code Ukash or Paysafecard nominal value of EUR 50 to the e-mail Koeserg@gmail.com. During the day you receive the answer with the code,” reads the message from the file.
The victims are also warned that if they enter too many incorrect codes, the data will be locked forever.
Bitdefender experts found that the ransomware is built with a special tool that allows scammers to easily create it.
F-Secure researchers say that the encryption mechanism is not very complex and they are currently working on cracking it.
From Dr. Web we find out that infections with this piece of malware have been seen in a large number of European countries, including Bulgaria, Germany, Italy, Spain, England, Austria and Norway.
Once the infection is unleashed, there’s not much you can do to get your files back, except for paying the ransom demanded by the cybercrooks.
This is why users must be extra cautious when downloading something from file-sharing sites and forums, the places where most of these malevolent elements have been seen.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1