Heads Up on Malware

[LongHaul]

Just a Heads Up. There is updated Encryption Malware that seems to have started showing up in Feb, 2016 that is new enough that it gets by at least some Virus Protection. Know one site that was a recent victim and understand there are others.

One variation of this Encryption Malware is called Teslacrypt 3.0 or the RSA-4096 Virus.

It is a bad one. Comes in via E-mail with an attachment often a Word Doc or Docx.

For businesses it often claims to be an outstanding invoice or an invoice.

Looks legit until one puts the cursor on the from E-mail address. It will usually show a strange looking E-Mail Address.
If the E-mail Address doesn't look legit don't open it.

If the attachment is opened it will quickly encrypt one's personal files. The encrypted files will often show up as video or music files.

A message will come up offering to provide the key after a ransom has been paid. From what is being said in Internet forums this usually appears to range around $500 USA. Have to hope the keys actually work but it would bad publicity for the Virus Ransom Business if they didn't.

To avoid paying the ransom to these scumbags another option is remove the Malware (which one has to do with either option) and then restore the affected files from backup media.... if it exists.

There are other recovery options some are mentioned in the links below. Don't know how well they work.

The message that I have seen is:

NOT YOUR LANGUAGE? USE https://translate.google.com 
 
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
 
How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
 
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

--- etc---

Some links with more information, there are many on the Internet. Don't know how well any products mentioned work or if they are safe.

http://www.bleepingcomputer.com/forums/t/605185/teslacrypt-30-xxx-ttt-micro-mp3-support-topic/

http://howtoremove.guide/rsa-4096-virus-encryption-removal/

http://nabzsoftware.com/types-of-threats/teslacrypt-3-0

[Jlabute]

Good to know. Ransomware is on the rise I think.

http://observer.com/2015/09/symantec-sa ... ansomware/
Symantec tells us not to pay. Make sure you create backups of your data.

Dutch police nabbed the two people behind CoinVault.
https://blog.kaspersky.com/criminals-be ... lice/9886/

http://www.techspot.com/news/51654-majo ... ities.html

Lots of criminals getting caught. I suppose the consequences are not severe enough.

[mexi cali]

Malware Bytes. Best anti-malware program I have ever come across. Saved my asss many times.

[Jlabute]

Malwarebytes is on top with the best. I like spybot S&D too. No 1 program catches everything.