Ransomware is a vicious form of malware, given that that it encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.
Once again ransomware is on the loose; but a little bit different in this iteration. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.
According to PandaLabs, they recently discovered a new form of ransomware, Trj/SMSlock.A, which reportedly locks the victim’s entire computer, leaving the machine essentially unusable. In line with previous versions of this type of malware, a ransom, in this case in the form of a premium SMS, is demanded to allow the victim access to the infected machine.
While the original message on an infected computer is in Russian, the following English translation has been provided by Panda.
To unlock you need to send an SMS with the text
to the number
Enter the resulting code:
Any attempt to reinstall the system may lead to loss of important information and computer damage.
Infection methods: Floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
Affected systems: Windows 2003/XP/2000/NT/ME/98/95/3.X
We should not relax our guard on this simply because this malware is currently affecting only Russian users. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.
In the event that you become infected by this piece of nasty work, check out Dr.Web, where you can obtain a generator for deactivation codes.
Reduce the possibilities of infection by this and other malware, by taking the following precautions:
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable scripting features in email programs
Make regular backups of critical data. If you are infected this may be your only solution
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure your anti-virus software scans all e-mail attachments
Don’t store critical data on the system partition
For additional information on this type of threat see “Gpcode Trojan Ransomeware Kidnapping Again!”, on this site.