A new infection is making its rounds that makes it so you cannot boot your computer unless you pay a ransom of $100 USD. This malware will modify the Master Boot Record of your computer so that it displays a message stating that your computer's hard drives were encrypted and that unless you pay the ransom you will not be able to access your files.

 


The reality is that the infected hard drives are not actually encrypted, but just not being made available until you enter a password. When this infection is installed on your computer it will move the infected hard drives Master Boot Record, or MBR, to another location and install a new MBR that displays a message stating that the hard drives were encrypted and that you need to visit www.safe-data.ru in order to receive help. The message that you will see is:

 
Your PC is blocked.
All the hard drives were encrypted.
Browse www.safe-data.ru to get an access to your system and files.
Any attempt to restore the drives using other way will lead to inevitable data loss !!!
Please remember Your ID: , with its
help your sign-on password will be generated.

Enter password:


When you visit www.safe-data.ru it will state that your hard drives are encrypted and unless you spend $100 USD, you will lose your data. It also states that any attempts at tampering may cause loss of data.

The truth is that this infection can be fixed without spending any money, so for no reason should you purchase the code Instead and you are still locked out of your system pleas send an eMail to info@pcgrunts.com with subject line "Am I Infected" to schedule on site visit or call 818-724-4460 for additional information.

 

 


 

 

Comments and Questions by Visitors:

 

Dear Saumya,

 I think you have misunderstood the posting…

 

The “”source code or a live sample”” as you have requested is the Virus or Malware that infects your pc and then promises to be fixed if you pay the fee.

 

 " Scareware/Ransomware are a relatively new type of attack, where a user is tricked into downloading what appears to be an antivirus application, which then proceeds to tell you that your PC is infected with hundreds of viruses, and can only be cleaned if you pay for a full license. ""

 

 The link below may provide you with some ideas on how to fix the problem on your own,

 http://www.pcgrunts.com/security/HowToRemoveScareware.htm

 The instructions should work for most common ransomware type infections also.

 If you are still having difficulties with protecting your PC from Virus’s and malware even after trying everything as suggested from the link please feel free to contact me for additional support.

 

From: Google Support [mailto:saumya.shetty.2010@gmail.com]
Sent: Monday, May 23, 2011 4:44 AM
To: info@pcgrunts.com
Subject: ransomware

 

Sir,

I request you to kindly provide me a sample copy of the malware posted on http://www.pcgrunts.com/security/ransomware.htm.

I will be highly obliged to recieve the link to its source code or a live sample.

Regards,
Debojyoti Pal

 
 

 <<<<<<<<Back