CryptoShield 2.0 Ransomware

CryptoShield 2.0 Ransomware Overview
A new iteration has spawned from the CryptoShield malware family. The new CryptoShield 2.0 ransomware follows the same behaviour pattern: it encrypts user data and then extorts the victims for a payment.

Like its predecessors, the virus targets the most popular file type extensions, and the affected files are renamed using a predefined pattern: .[RES_SUP@INDIA.COM].ID[2D64A0776C78A9C3].CRYPTOSHIELD
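The rename pattern above can be used as a triage check over a file listing, to see which directories were hit and which contact address and ID the files carry. The Python below is an added example, not code from the original page. It assumes the pattern is the trailing part of the file name and that the e-mail address and hex ID vary between infections; the function names and sample paths are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Suffix shape taken from the one sample on this page:
#   .[RES_SUP@INDIA.COM].ID[2D64A0776C78A9C3].CRYPTOSHIELD
# Assumption: the bracketed address and the hex ID differ between campaigns
# and victims, so both are captured instead of being hard-coded.
SUFFIX_RE = re.compile(
    r"\.\[(?P<contact>[^\[\]\\/]+@[^\[\]\\/]+)\]"
    r"\.ID\[(?P<victim_id>[0-9A-F]+)\]"
    r"\.CRYPTOSHIELD$",
    re.IGNORECASE,
)


def parse_renamed(path):
    """Return the marker fields of a renamed file, or None if it does not match."""
    p = PureWindowsPath(path)
    m = SUFFIX_RE.search(p.name)
    if m is None:
        return None
    return {
        "contact": m.group("contact").lower(),
        "victim_id": m.group("victim_id").upper(),
        "stem": p.name[: m.start()],  # whatever precedes the suffix
        "directory": str(p.parent),
    }


def summarize(paths):
    """Count matching files per (contact, victim_id) and per directory."""
    by_marker, by_dir = Counter(), Counter()
    for path in paths:
        hit = parse_renamed(path)
        if hit:
            by_marker[(hit["contact"], hit["victim_id"])] += 1
            by_dir[hit["directory"]] += 1
    return by_marker, by_dir


# Constructed file listing for illustration, not real telemetry.
SAMPLE = [
    r"C:\Users\alice\Documents\q3.xlsx.[RES_SUP@INDIA.COM].ID[2D64A0776C78A9C3].CRYPTOSHIELD",
    r"C:\Users\alice\Documents\notes.txt.[res_sup@india.com].id[2d64a0776c78a9c3].cryptoshield",
    r"D:\Shares\finance\plan.pdf.[RES_SUP@INDIA.COM].ID[2D64A0776C78A9C3].CRYPTOSHIELD",
    r"C:\Users\alice\Pictures\img.jpg",
    r"C:\Users\alice\Desktop\CRYPTOSHIELD.txt",
]
```

Calling summarize(SAMPLE) returns two counters: files per (contact, ID) pair and files per directory, which shows how far the encryption reached on a host or share.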

In addition, these system settings are modified:
 * The Windows Recovery Options are disabled by the virus engine.
 * The ransomware deletes all Volume Shadow Copies found on the infected host.
 * Windows Error Recovery Options are disabled.
 * The CryptoShield 2.0 ransomware sets up a persistent environment.
 * The malware can manipulate and kill other system and application processes.

CryptoShield 2.0 Ransomware Note
NOT YOUR LANGUAGE? USE http://translate.google.com
"What happens to you files?"
"All of your files were encrypted by a strong encryption with RSA-2048 using CryptoShield 2.0. DANGEROUS."
"More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)"
"How did this happen ?"
"Specially for your PC was generated personal RSA – 2048 KEY, both public and private. ALL your FILES were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server."
"What do I do ?"
"So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions, and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make payment."
"To receive your private software:"
"Contact us by email, send us an email your (personal identification) ID number and wait for further instructions. Our specialist will contact you within 24 hours."
"ALL YOUR FILES ARE ENCRYPTED AND LOCKED, YOU CAN NOT DELETE THEM, MOVE OR DO SOMETHING WITH THEM. HURRY TO GET BACK ACCESS FILES. Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!"
"So right now You have a chance to buy your individual private SoftWare with a low price!"
"CONTACTS E-MAILS:"
"res_sup@india.com – SUPPORT;"
"res_sup@computer4u.com – SUPPORT RESERVE FIRST;"
"res_reserve@india.com – SUPPORT RESERVE SECOND;"
"ID (PERSONAL IDENTIFICATION): 9694E***"

CryptoShield 2.0 Ransomware Distribution
Most of the infections are carried out by exploit kits and spam messages. Hackers primarily use RIG and EITest to inject the viral payload into sites, and they craft email spam campaigns.

Other sources include JavaScript files, malicious redirects and infected software installers.

CryptoShield 2.0 Ransomware Removal
[http://bestsecuritysearch.com/cryptoshield-2-0-ransomware-virus-removal-steps-protection-updates/ In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.]