This is a ransomware that comes to you via email. The purpose of these threats is to
extort money from their victims with promises of restoring encrypted data. The
ransomware encrypts files with the RSA-2048 algorithm and AES-128 ciphers and asks
a ransom for decryption. This type of malware also comes as highly obfuscated
JavaScript (file with .JS extension) inside an archive which is attached to a Spam Mail,
usually pretending to be an official document. Opening of such an attachment is
enough to get system compromised with Ransomware.
This virus can also spread via file sharing services and social networking sites, which
may contain similar attachments and files which might be presented to you as useful or
something required, like an update.
As the number of incidents of computer systems getting infected by this Ransomware is
on the rise and almost all of the reported cases are from the Indian Sub-Continent, we
at eScan are issuing an advisory so that further outbreak can be prevented.
The encrypted data cannot be decrypted or recovered, as the RSA keys are stored on a
hidden server. Although, there are claims of paid alternatives but the success rate is
minimal.