We study the virus-extortion bitcoins AutoDecrypt
The number of various types of viruses-extortion Bitkoynov grows at an alarming rate. Recently, security experts have faced a new direction of viruses called AutoDecrypt. Contrary to what people might think by looking at the title, this malicious decrypts itself only after paying for the repurchase. And this is only part of the threat that makes the virus extremely destructive.
Beware of the extortionist AutoDecrypt
Looking at the latest surprises taught by virus developers, they always find ways to complicate the lives of their victims. AutoDecrypt in this sense is no different, it is quite a nasty instance of the extortion virus and creates a lot of problems. In fact, it uses a new technique that makes it almost impossible to restore files without paying a ransom.
More specifically, AutoDecrypt uses the Windows Cipher tool to clear free space on the hard drive of the infected computer. This is a rather interesting technique, and apparently not yet used in other viruses of this type. Anyone who has a backup of the data can face this problem, and find that the whole process of file recovery has suddenly become much more complicated.
The ransom demand advanced by this specific virus looks quite professional and differs from the general background of its kind. First, the message suggests "keep calm," and then requires the victim to pay developers to open access to the files. In fact, the message is much less comforting than if it were voiced by criminals.
As you would expect, people behind this virus want to get paid in Bitkoyany. Unfortunately, most likely a fixed fee for each infection is missing. It is likely that the amount will vary depending on how quickly the victim takes action, although this has not yet been officially confirmed. Users are also redirected to a unique payment link located on the domain IWantMyFiles.asia, which recently became popular in the environment of viruses-extortionists.
The message of redemption does not leave any clues, even when it comes to helping the victim in conducting Bitcoin-payment. The message only shows how to dial the address and go to the site LocalBitcoins. It is interesting to note that criminals do not show the victims information about different exchangers, while other viruses of the same type provide lists of exchange platforms where you can buy bitcoins.
It remains unclear how to distribute AutoDecrypt'a. There are suspicions that malicious links in social networks, infected attachments in emails and through peer-to-peer file-sharing networks. Security experts are still analyzing the samples of the virus, after a while more information will appear.