Known as Trj.Seftad, this trojan infects the MBR, and encrypts it with a password that can only be obtained by contacting the attacker and paying the funds to get the password.
Once the PC is rebooted, something like this will be displayed:
"Your PC is blocked. All the hard drives were encrypted. Browse ***.ru to get an access to your system and files. Any attempt to access your drives/files will lead to inevitable data loss. Please remember your ID *******. With its help, you will obtain the password. Enter password: _"
Realistically, the hard drives are not encrypted as the message says. However, only the MBR is overwritten.
If you browse the attacker's website, you are asked to pay using a Paysafecard or Ukash.
The following password can be used to restore the MBR: aaaaaaciip
However, if the password does not work, the Kaspersky RescueDisc is claimed to be the problem solver, as they have recently updated the rescue disc to incorporate the new ransom infections.
Once the PC is rebooted, something like this will be displayed:
"Your PC is blocked. All the hard drives were encrypted. Browse ***.ru to get an access to your system and files. Any attempt to access your drives/files will lead to inevitable data loss. Please remember your ID *******. With its help, you will obtain the password. Enter password: _"
Realistically, the hard drives are not encrypted as the message says. However, only the MBR is overwritten.
If you browse the attacker's website, you are asked to pay using a Paysafecard or Ukash.
The following password can be used to restore the MBR: aaaaaaciip
However, if the password does not work, the Kaspersky RescueDisc is claimed to be the problem solver, as they have recently updated the rescue disc to incorporate the new ransom infections.