A number of users have reported the infection dubbed Surprise ransomware. The infection is easy to spot. It does not hide as its encryption payload has completed, It clearly informs its victims they need to pay.
The malware is going to lock all files with a sophisticated encryption. To undo the malicious modification, a user is prompted to buy the decryption key. Surprise ransomware generates a relevant message and drops it into every folder with affected files. The files concerned cannot be opened until after decrypted.
Names of the affected files get changed. The ransomware adds “.surprise” extension at the end of each encoded item.
Propagation of the virus exploits multiple infection vectors. The Surprise crypto-trojan is the first ransomware to be dropped via TeamViewer. Judging by the complaints submitted, the TeamViwer based infiltration dominates the malware distribution.
The amount of ransom claimed by the rogue varies. It is basically up to a particular distributor and ranges within 0.5 to 25 Bitcoins. It means the amount may be as high as 10 thousand USD.
IT Security experts urge users to check TeamViwer privacy and security settings. That would prevent the ransomware invasion. It is also very important to make backups. If you can restore your files from backups, you do not need to pay the hacker.