It is designed to blackmail users, by encrypting the documents it finds in the computer and by asking $100 for some decryption software. It does not spread automatically using its own means.

Windows 2003/XP/2000/NT/ME/98/95

Ransom.K is a Trojan designed to blackmail users, by encrypting the documents it finds in the computer and by asking $100 for some decryption software. The affected extensions are DB (Access), DOC (Word documents), JPG (pictures), TXT (text files) and XLS (Excel documents). Users will not be able to access any of these files.

However, due to some errors in the configuration of the Trojan, there is an easy solution to recover the documents. You can consult it in the section "How can the files be removed?" in Effects.

Ransom.K does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

Ransom.K is easy to recognize, as it shows the following symptoms:

• It reaches the computer in a file which has the following icon, passing itself off as a help file:
  
  
• When the file is run, a wallpaper is displayed on screen, informing users that their files have been encrypted and in order to recover them, they have to send an email and pay $100, so that they can receive some decryption software: