Recover Lost Documents

Security professionals are warning that some new “scareware” programs, that attempt to frighten users into buying bogus security products, also encrypt the user’s digital documents until he or she agrees to pay a $50 ransom demand.

Brian Krebs stated in his blog on computer security for The Washington Post that newer versions of the scareware Antivirus2009 warn users in a fraudulent Windows alert that files in their “My Documents” folder are corrupt. The program then directs the user to a download of a program called “FileFixerPro” to supposedly fix the corrupted files.

In reality, this version of Antivirus2009 encrypts or scrambles the contents in My Documents so that only users who pay $50 for a FileFixerPro license are able to get the decryption key needed to regain full access to their My Documents folder.

Several security forums, stated Krebs, consist of many users who are seeking help because they have apparently have fallen victim to this threat and have had their documents scrambled.

Krebs reported that BleepingComputer.com, a computer-help forum, has posted instructions on how to remove FileFixerPro. But, unfortunately, a victim’s documents will be unable to be retrieved.

FireEye, however, has figured out how to decrypt documents scrambled by this threat and is offering a free Web-based service where users can upload documents to have them de-scrambled. Senior security researcher Alex Lanstein stated that he hopes the company will soon be able to release a tool that users can download to help decrypt their entire My Documents folder.

Krebs reported that according to a report by the Anti-Phishing Working Group, the number of new rogue security programs has increased by 225 percent from 2,850 in July to 9.287 in December.