The virus encrypts files with various extensions such as .doc, .txt, .pdf, .xls, .jpg, .png, and so on (the list is quite long) using an RSA encryption algorithm with a 1024-bit key. Once the user has been infected and his data encrypted, he is left only with a “read me” file which bears the following message:

“Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********”

The previous version of the virus used 660-bit key. According to Kaspersky Lab virus researchers, that key could be cracked by a PC with a 2.2 Ghz processor in around 30 years. The 660-bit key was cracked at Kaspersky Lab based on a detailed analysis of the RSA algorithm implementation.

Kaspersky warns that, at present time, the filed could only be encrypted with the help of a private key. Unfortunately, guess who’s got the key.

Infected users are advised not to restart or shut down the affected machine. Instead, they should contact the security company, as well as the local cyber crime law enforcement units.