We are continuously keeping our eye on new variants of the widely spread Ransomware family like Cryptolocker, Prison Locker, Copycat and Locker which encrypts your files and ask for a random amount to decrypt it.
If infected by such malware, to be very honest, there is no hope for recovering your documents without paying a ransom amount to the cyber criminals.
Learn Insider Threat Detection with Application Response Strategies
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
Online users are now facing another similar ransomware called 'CryptorBit', (Virustotal report) first spotted on September 2013. It is not a variant of Cryptolocker but it does exactly the same thing i.e. Encrypt all the files on the Hard Disk.
CryptorBit is an infection that activates by clicking links in a spam message or malicious email, or websites while browsing the web, or by opening an attachment in an email from a malicious source.
Once your system gets infected by the CryptorBit, it will encrypt your files and hold them until a ransom of $50 - $500 or more is not paid. It will display a warning for you i.e. "YOUR PERSONAL FILES ARE ENCYPTED", following a warning message i.e. "All files including video, photos and documents, etc. on your computer are encrypted".
The affected file types include Word files, Excel files, Pictures, Music, Movies, Quickbooks files, PDFs and all other data files on your system.
The Warning note on the screen instructs the victim to download the Tor browser and access an onion-based hidden website for paying the ransom money. In addition, it may threaten you to pay the ransom within 24 hours. Otherwise, it will damage all of your personal and system files completely.
CryptorBit Malware is totally a scam designed by cyber criminals, because even after paying the ransom amount it will not decrypt your files, sounds scary but it's true. It forces users to pay for the fake private key to decrypt files.
CryptorBit not even fraud your money but also cause damage to your PC and Interfere with your privacy.
The most common windows folder location where the Cryptorbit virus lives - "%AppData%" and can be easily removed using Antivirus tools; but unlike traditional Ransomware, you can decrypt your files using system utility 'System Restore'.
The spam emails may appear to be sent from people you know, so it's very important for users to be careful while reading such malicious emails and if it doesn't look right, it's probably not.
The best protection against these infections is a good backup. We strongly advise people to keep their important files on their servers, and not on their desktops or local folders.