Antivirus companies report an increase in the activity of Trojan-encoders.
Since October, there has been a sharp burst of Trojan-encoder activity. A Trojan-encoder is a malicious program that, once on a computer, finds the user's personal files and encrypts them, and then prompts the user to pay a certain amount via mobile payments or virtual wallets.
The attackers' message says that after payment the user will receive a code to decrypt the files, but of course no one gives any guarantees. Furthermore, experience shows that most victims never got the code they were hoping for. Pictures, videos, music, documents, archives, and even configuration databases can all end up encrypted.
These malicious programs encrypt files and display a message telling the user that, to release them, an amount must be transferred to a fraudulent account; sometimes, to get the account number, the user must first send a request by e-mail. After payment the attackers send broken keys or, more often, send nothing at all. Decrypting a file without knowing the original key is a very difficult task. Trojan-encoders are especially dangerous for commercial organizations because, for example, the loss of database data can halt the company's work indefinitely.
The main signs that a Trojan-encoder has appeared on your computer are changed file extensions (on music files, image files, and so on) and, on an attempt to open such a file, a message from the attackers demanding payment for a decryptor. The desktop background may also change, and text documents and windows may appear with messages about the encryption, the need to legalize software, and the like.
Once on the system, the Trojan searches for files with the extensions .doc, .mp3, .jpg, .xls. Legitimate encryption software, for example lockdir.exe, is copied into the directory with the files, and the program's data is entered into the registry (in this case legitimate software is being used in an illegitimate way). After this step, the file encryption process starts, with a randomly generated password being set. The original files are encrypted and then moved to a hidden directory, where they are stored with the extension ***.RN, where *** is the name of the file in hexadecimal. A picture is left in the directory with the original files, with a message that to unlock the files the user must purchase software legalization.
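The on-disk traces described above (a dropped lockdir.exe and hex-named .RN files) can be checked for with a short triage script. This is an added example, not code from the original article; it assumes the hexadecimal stem is the original file name encoded byte for byte, and the function names and sample tree are constructed for illustration.

```python
import binascii
import os
import re
import tempfile

# Pattern from the article: "<file name in hexadecimal>.RN"
HEX_RN = re.compile(r"^((?:[0-9A-Fa-f]{2})+)\.RN$", re.IGNORECASE)
CIPHER_TOOL = "lockdir.exe"  # legitimate tool the article says is dropped


def decode_hex_name(stem):
    """Assumption: the hex stem is the original file name, byte for byte."""
    try:
        return binascii.unhexlify(stem).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan(root):
    """Walk root and return findings as (kind, path, detail) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            match = HEX_RN.match(name)
            if match:
                findings.append(("encrypted", path, decode_hex_name(match.group(1))))
            elif name.lower() == CIPHER_TOOL:
                findings.append(("cipher_tool", path, None))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: one clean file, one dropped tool, two .RN files."""
    hidden = os.path.join(root, "docs", "hidden")
    os.makedirs(hidden)
    for rel in ("docs/notes.txt", "docs/lockdir.exe",
                "docs/hidden/" + b"report.doc".hex() + ".RN",
                "docs/hidden/" + b"song.mp3".hex().upper() + ".RN",
                "docs/hidden/backup.RN"):  # stem is not hex: must not be flagged
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path, detail in scan(tmp):
            print(kind, os.path.relpath(path, tmp), detail or "")
```

A hit on the tool name alone is weak evidence, since the article notes it is legitimate software; the combination with hex-named .RN files in a hidden directory is the stronger signal.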
To hide the malware's presence on the server, a program for cleaning the Windows system log is used; among other things it can run on a schedule, and on logout from the terminal it runs and cleans up the traces of the malware's presence in the system. Files are encrypted with one of the modern encryption algorithms, Blowfish; decrypting files processed by the encoder without knowing the key may take up to several years.
Protecting against Trojan-encoders is rather complicated for ordinary users, because it requires configuring security policies or a HIPS (intrusion prevention system) that allows only certain applications to access files, and even this does not provide 100% protection in cases where the malicious program injects itself into the address space of a trusted application.