A new form of ransom ware has hit the web recently. This particular one is an encryption virus called “KEYHolder.”
It works by scanning your computer for valuable information(pictures, documents, backups, etc) and encrypts your data with a RSA 128 bit key that is currently impossible to crack.
KEYHolder will also create HOW_DECRYPT.gif and HOW_DECRYPT.html (shown in the pictures below) in each folder where your files were encrypted. These files contain information on how to access the ransom payment website where the hackers are asking for $500 USD to give the data back.
At this time it is unclear on how this virus is being distributed but it is thought by many in the pc repair field to have been installed manually through various exploit kit Trojans or hijacked Remote Desktop Connections.
We’ve assisted several businesses in the area who have had issues with this virus and unless you have a backup stored somewhere on an external hard drive, getting the data back is near impossible.
This is just another reason you should always backup your data and store it on an external hard drive that inst connected to your pc.
You can find more information regarding KEYHolder here @ bleepingcomputer.com