This is a bad one. Really bad.
Once on your computer, it will encrypt all your files and supposedly send you a key to release them only after paying $380 US in Bitcoins or $300 in cash (there are other payment arrangements as well).
The encryption is super strong – 2048 bit RSA, the key supposedly stored on a remote server accessible only after payment. If you don’t pay within 72 hrs, the key evaporates and you’re cooked…no access to your files forever.
How does it get on your system? Phishing/spear phishing, mainly…clicking on a link in an email.
If you weren’t expecting (or even if you were) such an email, call the person who supposedly sent it and ask if he or she did, in fact, send it. If not, delete it and suggest that person get IT help immediately.
Make backups online or on an external drive NOW, before you get infected (or some other mishap occurs). Having frequent backups NEVER hurt anyone.
There is also a tool (free) to change the group policies in all Windows computers. Other tools exist, but only do that in the Premium Windows editions.
Here’s the link: http://www.foolishit.com/vb6-projects/cryptoprevent/
It’s at the bottom of the page, and there are excellent explanations of the tool and how it works on the page…as well as testing the tool after installation. Before testing, bookmark the page (or use the link here) and then reboot.
Hope this helps, and hope none of you get hit.
the_Monk: Please feel free to add explanations of group policies or whatever you see fit…and thanks ahead of time.