New ransomware holds Windows files hostage, demands $50


March 25, 2009 (Computerworld) Cybercrooks have hit on a new twist to their aggressive marketing of fake security software and are duping users into downloading a file utility that holds users’ data for ransom, security researchers warned today.
While so-called scareware has plagued computer users for months, those campaigns have relied on phony antivirus products that pretend to trap malware but actually only exist to pester people into ponying up as much as $50 to stop the bogus warnings.
The new scam takes a different tack: It uses a Trojan horse that’s seeded by tricking users into running a file that poses as something legitimate like a software update. Once on the victim’s PC, the malware swings into action, encrypting a wide variety of document types – ranging from Microsoft Word .doc files to Adobe Reader PDFs – anytime one is opened. It also scrambles the files in Windows’ “My Documents” folder.

When a user tries to open one of the encrypted files, an alert pops up saying that a utility called FileFix Pro 2009 will unscramble the data. The message poses as a semiofficial notice from the operating system. “Windows detected that some of your MS Office and media files are corrupted. Click here to download and install recommended file repair application,” the message reads.
Clicking on the alert downloads and installs FileFix Pro, but the utility is anything but legit. It will decrypt only one of the corrupted files for free, then demands the user purchase the software. Price? $50.

O for the good old days when criminals had to actually leave the house and knock somebody over the head to get $50!

This is just a variant of a nasty, nasty scheme cooked up in the late 90’s, which I won’t name here.

However, the encryption key that it uses to scramble the documents is stored within the program itself, and there are benevolent programs out there to scan your system, retrieve the key, and unscramble the documents.

For all of you that trash us computer nerds, just remember that we loooove a good challenge, and like nothing more than to smack down losers like this that write ransomware. :thumbsup:

Can anyone say “denial of service” attack on the webdomain hosting this piece of garbage?
