A new ransomware strain has been discovered that installs DiskCryptor on the infected computer and then reboots the device to display a customized ransom letter.
According to a Nov. 5 Bleeping Computer blog post, MalwareHunter Team researchers discovered the malware, which uses DiskCryptor, an encryption program that encrypts the whole disk and then prompts the user to enter a password on reboot. They noted that it is being run manually or called by another script, as it requires an argument to be passed to the program.
“Once the entire drive has been encrypted, it will reboot the computer and the victim will be shown a ransom note to contact email@example.com for payment instructions,” researchers said. “It will then sit there waiting for the user to enter the decryption password.”
To prevent infections, researchers recommend that users back up their systems, avoid opening suspicious attachments, scan attachments for malware before opening them, keep all systems updated, and use strong passwords.