
PoshCoder

Posted: April 13, 2014

PoshCoder is a file-encrypting Trojan that automatically encrypts a range of file types, rendering them unusable until a Bitcoin ransom is paid to its operators. Malware researchers discourage paying for PoshCoder's decryption, which may well leave victims without their money and still without their files, and continue to find a proper file backup routine to be the best defense against PoshCoder and similar ransomware. Many PC security products have been reported to fail to identify PoshCoder, so updating your anti-malware utilities before attempting to delete PoshCoder may be essential to protecting your PC from future attacks, regardless of whether you pay its creators.

The File-Scrambling Attack of a Cyber-Gentleman Robber

Following closely on the heels of the equally recent Cryptorbit Ransomware and BitCrypt Ransomware, PoshCoder is a Trojan that deprives you of access to your files in order to extort money from you. Ransoms demanded by PoshCoder have ranged from as low as two hundred USD to more than twice that amount, always with a stated preference for Bitcoin as the payment method. PoshCoder's distribution methods remain unidentified, although malware researchers observed a notable increase in PoshCoder attacks as of April 2014, indicating that PoshCoder is most likely recently developed or recently distributed. PoshCoder installs itself without the user's knowledge or consent, which leaves several infection vectors open as possibilities, including e-mail attachments and exploits.

Because of the changes PoshCoder makes to a variety of files, including renaming them, a PoshCoder infection should be detectable almost immediately on most PCs. Although this list isn't definitive, malware experts can point out some of the file types most likely to be encrypted by PoshCoder and thus made temporarily unusable:

  • Text document files (Word's DOC files and Notepad's TXT files, for example).
  • Microsoft Excel files.
  • Photoshop PSD files.
  • Archive files such as ZIP.

Other, equally common targets of file encryptor Trojans include image files such as JPG, MP3 audio files and files associated with default Microsoft applications. Along with altering the contents of these files so that they can no longer be read, PoshCoder appends the suffix '.poshcoder' to their file names and places additional VBScript files in every affected folder. New files introduced to a PoshCoder-compromised machine also will be encrypted automatically, which is why malware experts strongly recommend isolating an infected machine without delay.
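The two indicators above (the appended '.poshcoder' suffix and VBScript files dropped into the affected folders) are enough for a quick file-system triage. The following Python script is an added example written for this article, not code from the original page or from the PoshCoder operators. It builds a constructed sample directory tree in a temporary folder, walks it, reports every folder that holds renamed files or dropped scripts, rescans to detect files encrypted after the first pass (the page's warning that new files also get encrypted), and lists the original file names to request from backup. The '.vbs' and '.vbe' extensions used to recognise the dropped scripts are an assumption; the page only says they are VBScript files.

```python
import os
import tempfile
from pathlib import Path

# Suffix the article reports PoshCoder appending to encrypted files.
RANSOM_SUFFIX = ".poshcoder"
# Assumption: the dropped VBScript files carry the usual VBScript extensions.
SCRIPT_SUFFIXES = {".vbs", ".vbe"}


def scan_tree(root):
    """Walk `root` and return {folder: {"encrypted": [...], "scripts": [...]}}
    for every folder holding a renamed file or a dropped script."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        encrypted = sorted(f for f in filenames if f.lower().endswith(RANSOM_SUFFIX))
        scripts = sorted(f for f in filenames if Path(f).suffix.lower() in SCRIPT_SUFFIXES)
        if encrypted or scripts:
            findings[dirpath] = {"encrypted": encrypted, "scripts": scripts}
    return findings


def summarize(findings):
    """Counts a responder wants first: how many files, how many folders, and how
    many folders show both indicators (renamed files plus a dropped script)."""
    both = [d for d, v in findings.items() if v["encrypted"] and v["scripts"]]
    return {
        "encrypted_files": sum(len(v["encrypted"]) for v in findings.values()),
        "affected_folders": len(findings),
        "folders_with_both": len(both),
    }


def original_name(name):
    """Recover the pre-infection file name by stripping the appended suffix."""
    if name.lower().endswith(RANSOM_SUFFIX):
        return name[: -len(RANSOM_SUFFIX)]
    return name


def newly_encrypted(before, after):
    """Encrypted paths present in `after` but not in `before`: a non-empty result
    means encryption is still running and the machine must be isolated."""
    def paths(f):
        return {os.path.join(d, n) for d, v in f.items() for n in v["encrypted"]}
    return sorted(paths(after) - paths(before))


def build_sample_tree(base):
    """Constructed sample layout, not data from a real infection."""
    layout = {
        "Documents": ["report.docx.poshcoder", "notes.txt.poshcoder", "readme.vbs"],
        "Documents/Archive": ["backup.zip.poshcoder", "info.vbs"],
        "Pictures": ["holiday.jpg"],      # untouched folder
        "Scripts": ["deploy.vbs"],        # legitimate script, nothing encrypted
    }
    for folder, files in layout.items():
        d = Path(base) / folder
        d.mkdir(parents=True, exist_ok=True)
        for f in files:
            (d / f).write_bytes(b"\x00" * 16)  # placeholder bytes; the scan never reads contents
    return base


def demo():
    """Run the triage against the constructed tree and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        first = scan_tree(tmp)
        # Simulate a file placed on the machine after the first scan and encrypted.
        (Path(tmp) / "Documents" / "new.xlsx.poshcoder").write_bytes(b"\x00" * 16)
        second = scan_tree(tmp)
        to_restore = sorted(original_name(f) for v in first.values() for f in v["encrypted"])
        return {
            "summary": summarize(first),
            "to_restore": to_restore,
            "new_since_first_scan": [os.path.basename(p) for p in newly_encrypted(first, second)],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as-is to see the triage against the constructed tree; on a real machine, point `scan_tree` at the user profile or a mounted image of the suspect disk instead of the temporary folder. A folder that shows a dropped script but no renamed files (the `Scripts` folder in the sample) is reported but not counted as showing both indicators, which keeps legitimate VBScript from inflating the count.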

The High Class Way to Deal with a Low Class Trojan

With all known PoshCoder attacks taking place this year, it is unsurprising that malware researchers found most PC security products to have poor detection rates for this file encryptor. Similarly, no officially released tool for decrypting PoshCoder files exists at the time of writing, although that may change in the future. Rather than submitting to PoshCoder's ransom, which does not guarantee the return of your files, you should remove PoshCoder with an accurate anti-malware solution and only then restore your files from a backup kept on a disconnected drive or a remote location, so that the restored copies are not encrypted again.

The case for ransomware campaigns spreading to the United States appears stronger this year than before. Although malware researchers have often examined variants of similar threats throughout Europe, PoshCoder appears to be aimed at predominantly English-speaking regions, including Britain, the US and Canada. PC users in the affected countries should continue to exercise appropriate security practices to keep PoshCoder from holding their hard drives' contents hostage for Bitcoin.
