Click to enlarge |
The trojan, W32/DatCrypt, makes it seem as though some of a user's files, such as Microsoft Office files, video files and music, have been corrupted, when in fact those files have been encrypted by DatCrypt.
It will then display what appears to be an authentic Windows message advising the user to download and install the "recommended file repair software", Data Doctor 2010. Once downloaded, Data Doctor will only be able to repair one ‘corrupt' file—users will be told they need to purchase the full version of the software for $US89.95. After this money is paid, the files will be restored.
"This trojan works in a very devious way. The user is probably very relieved to get his files back and may not realise that he has just paid a ransom for his own files. The user may even recommend what seems like an excellent file recovery product to his friends. Similar ransomware tricks have also involved the File Fix
Pro utility during the past year," says Wing Fei Chia, Senior Manager—Security Response, Security Lab at F-Secure.
F-Secure recommends backing up all important files elsewhere, either on removable media or using online resources such as F-Secure Online Backup.
