Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1115
  • Last Modified:

File names changed to .ENCODED

Last Friday (11/26) many files on my network suddenly appear with .ENCODED as the file extension.  It's hit and miss around the network.  It's effected PDFs, XLS and DBF file type.  There's no rhyme nor reason I can figure out.  I noticed one folder on Saturday and restored it from backups, but it's all over the place.  

I've got Trend Micro running on all workstations and servers, so I should be protected.  I can't find anything online on this.  Any ideas?

If I remove the .ENCODED from the file name and open it, it's gibberish.
0
Scott Miller
Asked:
Scott Miller
  • 3
3 Solutions
 
TolomirAdministratorCommented:
this seems to fit here:

Malicious hackers are spreading the ransomware, which encrypts media and Office files on victim's computers, in an attempt to extort $120. In a nutshell - you can't access your files because the malicious code has encrypted them (in our observations, the whole file isn't encrypted - just the first 10% or so), and the hackers want you to pay the ransom if you want your valuable data back.

http://nakedsecurity.sophos.com/2010/11/26/drive-by-ransomware-attack-demands-120/
0
 
TolomirAdministratorCommented:
you can check if there are these system modifications.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojransomu.html

0
 
TolomirAdministratorCommented:
in short, remove the trojan.

You could use the sophos beta for it.

http://www.sophos.com/products/beta/
--
then  apply all windows updates. Also try to prevent to work with Administrator permissions. Especially when surfing the Internet.
0
 
Scott MillerIT ManagerAuthor Commented:
Thanks, this helped out, quite a bit.  I've got Trend Micro working on removal and I'm restoring files.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now