I can find no mention of the CryptoDefense Ransomware Trojan.
Please update Threat Intelligence and information.
Are we protected by McAfee and which DAT?
Antivirus applications only have limited defense against these things, which are only activated by some action by the user.
Read here for some excellent guidelines on this particular one: http://www.bleepingcomputer.com/virus-removal/cryptodefense-ransomware-information
When something like this hits you, the best action is to immediately power off without clicking any keys or touching your mouse.
See the last link in my signature below for more hints.
Message was edited by: Ex_Brit on 03/04/14 8:24:54 EDT PM
This variant was only identified and published today by Microsoft
Alert level: Severe
Detected by definition: 1.169.1618.0 and higher
First detected on: Apr 03, 2014
This entry was first published on: Apr 03, 2014
McAfee haven't yet published anything about it but - especially as it has been referenced here - they will do so very soon.
CryptoDefense has been around since February, but the original version had an embarrassing (for the authors) flaw: they left the decryption key in plain view on the infected systems' hard drives -
Whoever coded this made the rookie mistake of storing the decryption key in plain view – that's right, the private key is stored unencrypted on the PC's hard disk. Even though the generated private keys are uploaded to the crooks' server, allowing the crims to send the keys to victims who pay up, a copy is left on the drive by the software.
As this has been widely publicised I would guess that the latest variant is a patch rushed out to fix that little oversight.
Edit - BleepingComputer have made public the existence of the decryption key. They imply that the key is only present for systems infected before April 1st.
Message was edited by: Hayton on 05/04/14 01:51:58 IST
If your computer has been infected with CryptoDefense there may be a chance to restore your files. Fabian Wosar of Emsisoft discovered a method that allows you to decrypt your files if you were infected before April 1st 2014. Unfortunately, this only works for 50% of the infection cases but still provides a good chance of getting your files back.
For instructions on how to do this, please read this section: