According to CNet, Trojan.Ramvicrype encrypts files, but will not leave a ransom note (instances where "ransomware" hijacks your computer, using the same data encryption technology offered by legitimate companies like AlertBoot, have been around for some time). Fixes are available for download at Symantec, as well as at the company that purportedly created the trojan to begin with.
According to Shunichi Imano's blog at Symantec, the trojan uses the RC4 algorithm to encrypt files.
How does it choose which files to encrypt? Well, the trojan makes use of the links found in the "recently opened files" folder. It follows these links to the actual files, and the files, as well as any other files found in the same folder (directory), are encrypted.
(Imano notes that if you recently opened a file in the system folder...well, it's not going to be pretty. One of the consequences of encrypting files is, of course, that the contents cannot be accessed without the right key or password. If files in the system folder are encrypted--meaning they can't be accessed--the computer cannot work properly.)
Affected files are left with the ".vicrypt" extension, just like Word documents would have ".doc" or ".docx" extension.
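The targeting described above (whole folders, marked with ".vicrypt") lends itself to a quick triage sweep. The following is an added example, not code from Symantec or the original post: it walks a directory tree, reports every folder holding ".vicrypt" files, notes whether the whole folder is marked, and lists hits under the system folder first. The function names, the `system_root` parameter and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

MARKER_EXT = ".vicrypt"  # extension the article reports on affected files


def _under(path, parent):
    """True if path is parent or lies beneath it (case-normalised for Windows)."""
    path = os.path.normcase(os.path.abspath(path))
    parent = os.path.normcase(os.path.abspath(parent))
    return path == parent or path.startswith(parent.rstrip(os.sep) + os.sep)


def triage(root, system_root=None):
    """Return one record per directory under root that holds marked files."""
    system_root = system_root or os.environ.get("SystemRoot")  # set on Windows
    records = []
    for dirpath, _dirs, files in os.walk(root):
        marked = [f for f in files if f.lower().endswith(MARKER_EXT)]
        if marked:
            records.append({
                "dir": dirpath,
                "marked": len(marked),
                "total": len(files),
                # every file marked: matches the whole-folder behaviour described
                "whole_folder": len(marked) == len(files),
                # hits here threaten the machine's ability to run at all
                "system": bool(system_root) and _under(dirpath, system_root),
            })
    # system-folder hits first, then alphabetical by directory
    return sorted(records, key=lambda r: (not r["system"], r["dir"]))


def build_sample_tree(base):
    """Constructed sample data (hypothetical file names), not real artefacts."""
    layout = {
        "docs": ["report.doc.vicrypt", "notes.txt.VICRYPT"],
        "mixed": ["a.xls.vicrypt", "b.xls"],
        "clean": ["c.txt"],
        "sys": ["driver.sys.vicrypt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            with open(os.path.join(base, folder, name), "wb") as fh:
                fh.write(b"sample")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in triage(build_sample_tree(tmp), os.path.join(tmp, "sys")):
            print(rec)
```

A folder reported with `whole_folder` false contains files that were not marked, which is worth noting when deciding what to restore from backup.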
Ransomware that doesn't leave a ransom note? It doesn't make sense. One could argue that the creators of the malware are just looking to create havoc--but if so, why not encrypt the entire computer? It could be done by substituting file encryption with whole disk encryption--and such malware has made rounds in the past. Turns out there is a financial aspect to vicrypt.
Allegedly, this is how it works: if you do a search for a fix, you'll find a company that offers a fix to recover the encrypted files. (You're able to find them by searching for "vicrypt." At the time of this search, they're #3 on the results page, with the title "Antivicyprt - Best Vicrypt Solution.") There seems to be somewhat of a veiled consensus that this same company is responsible for the creation and spread of the ransomware.
The fix is for a price, and that's how the trojan makes money. Or rather, it was for a price, before the story started to get big. Now the same company is offering it for free, although people taking advantage of this offer have found that it will only recover up to seven files. Seeing how there are 10 links in the "recently opened files" folder, it means people will still have to fork over $29 for the remaining three files. (I'd go to their site and check to see if this is still true, but I'm concerned that my computer may get infected with something.)
Remember, encryption is not a panacea for your data security woes, as you can attest from the above. You need different approaches for different threats, and that includes firewalls, antivirus software, and--perhaps most importantly--people keeping out of "suspicious neighborhoods," if you catch my drift. Very rarely does a trojan install on a computer all by itself.
Related Articles and Sites:
http://news.cnet.com/8301-27080_3-10388541-245.html
http://en.wikipedia.org/wiki/RC4
http://www.scmagazineus.com/New-ransomware-variant-features-novel-payment-scheme/article/156893/
http://www.theregister.co.uk/2009/11/03/ransomware_ruse/