This threat may be downloaded on to the computer by the following Trojan:
When the Trojan is executed, it encrypts all files that do not have the following strings in their file path location:
- local settings
- program files
Next, it encrypts any files that have the following file extensions:
The Trojan also encrypts files that contain the following strings in the file extension:
It then encrypts all files on fixed disk drives and all files that have a size between 400 and 209,715,200 bytes.
The Trojan uses the Blowfish algorithm to encrypt the files.
The initial key for the algorithm is saved in the following location:
Alternatively, the Trojan may generate a number of random capital letters 40 bytes in length for the initial key.
The Trojan stores the encrypted file names in the following location:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":