A newer variant of this malware is rather more sinister it does not lock the machine but holds all your files to ransom by encrypting them.
The malware once installed looks for specific file types using a list of over 100 file extensions and encrypts them making them unreadable without the decrypting key.
The malware generates a unique encryption key randomly every time it infects a computer using military grade algorithms, the only way to get your files restored is to use the unique decipher key generated at the same time and stored on a secret server that only the perpetrator has access to..
The malware only lets you know of its presence after all the files are encrypted and effects all connected network drives. So if your backup drive whether a physical drive or a virtual one is connected at that time, those files will also be corrupted.
The malware itself is fairly easy to remove, a real time antivirus scanner can be downloaded and used to detect and remove the ransomware.
Once the machine is cleaned the encrypted files can be removed and replaced with those from your latest backup.
|