Saraswati Ransomware: New Threat for Valuable Data!!!

A new ransomware called "Saraswati CryptoEncoder" or "Saraswati Ransomware" is becoming widespread. It encrypts users' valuable data files and gives them the {mahasaraswati@india.com}.xtbl extension.

Variants of this ransomware enter systems through spam emails that may include malicious attachments posing as invoices, receipts, etc. The subject line tempts you to open the attachment, which contains the malicious code.

It encrypts document files (such as .doc, .xls, .ppt, .jpg, etc.) and binary files (such as .exe, .dll, etc.), turning each into an encrypted file with the {mahasaraswati@india.com}.xtbl extension.

The ransom message is delivered as a JPG file named 'How to decrypt your files', which is set as the wallpaper.
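
The two indicators described above (the file extension and the ransom-note JPG) can be checked for with a short triage scan. This is an added example, not code from the original post; the function names, the `.jpeg` spelling and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators quoted in the article.
ENCRYPTED_SUFFIX = "{mahasaraswati@india.com}.xtbl"
NOTE_STEM = "how to decrypt your files"  # ransom note, delivered as a JPG
NOTE_EXTS = {".jpg", ".jpeg"}            # assumption: either spelling of the extension


def scan(root):
    """Walk `root`; return encrypted files, ransom notes and a per-directory count."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):  # unreadable directories are skipped
        for name in files:
            lower = name.lower()                 # match case-insensitively
            path = Path(dirpath) / name
            if lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                per_dir[dirpath] += 1
                continue
            stem, ext = os.path.splitext(lower)
            if stem == NOTE_STEM and ext in NOTE_EXTS:
                notes.append(path)
    return encrypted, notes, per_dir


def build_sample_tree(root):
    """Constructed sample data: two encrypted files, one note, one clean file."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    for name in ("report.doc.{mahasaraswati@india.com}.xtbl",
                 "budget.xls.{MAHASARASWATI@india.com}.XTBL",
                 "How to decrypt your files.jpg",
                 "notes.txt"):
        (docs / name).write_bytes(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, notes, per_dir = scan(tmp)
        print(len(hits), "encrypted file(s),", len(notes), "ransom note(s)")
        for directory, count in per_dir.most_common():
            print(count, directory)
```

The per-directory count shows which folders or shares were hit hardest, which helps decide what to restore from backup first.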


To get their valuable data back in its original form, users have to pay at least 3-4 bitcoins ($1700 approx.), but there is no guarantee that the decryption key will actually restore the data.
Instead, users are advised to use services like NPAV Data Vault or NPAV Data Backup to restore their data in case of a ransomware attack or data loss.

http://blogs.npav.net/blogs/?p=3145