New Ransomware called KEYHolder from CryptorBit Cybergang



Bleeping Computer had the scoop again: "A new ransomware has been released called KEYHolder that is from the same developers of CryptorBit. Like CryptorBit, this infection encrypts your data files and then demands a ransom of 1.5 bitcoins to get a decryptor for your files.
 
Unfortunately we have not been able to find an installer of this infection, so it is currently unknown as to how this ransomware infects a computer. The current theory is that the group behind KEYHolder is manually hacking remote desktop and terminal service computers and installing the infection. As we learn more, we will update this topic.
 
"When KEYHolder is installed it will scan the computer's drives for data files and encrypt them. Once it is done, it will wipe all the restore points and shadow volume copies on the computer so that the victim is unable to use them to restore the original data. 

KEYHolder will also place HOW_DECRYPT.gif and HOW_DECRYPT.HTML ransom notes in every folder in which it encrypts a file. The ransom notes contain information on how to access the malware's TOR site, which contains information on the current ransom amount, the bitcoin address that the ransom should be sent to, and the ability to check if the payment has been received."

Here is more detail at the BleepingComputer site.
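Because the notes are dropped in every folder where a file was encrypted, their locations map the damage. The sketch below is an added example, not code from Bleeping Computer or this blog: it walks a directory tree, lists folders holding either note name from the article, and reports the earliest note timestamp. The function names and the use of file modification time as an approximate encryption time are assumptions made for illustration.

```python
import os
import sys
from datetime import datetime, timezone

# Ransom note file names taken from the article; matched case-insensitively.
NOTE_NAMES = {"how_decrypt.gif", "how_decrypt.html"}


def find_note_folders(root):
    """Return {folder: (sorted note names, earliest note mtime in epoch seconds)}."""
    hits = {}
    # onerror swallows unreadable directories so one ACL failure does not stop the sweep.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        found = {}
        for name in files:
            if name.lower() in NOTE_NAMES:
                try:
                    found[name] = os.stat(os.path.join(folder, name)).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable
        if found:
            hits[folder] = (sorted(found), min(found.values()))
    return hits


def first_note_time(hits):
    """Earliest note mtime across all folders (UTC), or None if nothing was found.

    Assumption: a note's mtime approximates when that folder was processed.
    Timestamps can be altered, so treat this as a lead, not proof.
    """
    if not hits:
        return None
    return datetime.fromtimestamp(min(t for _n, t in hits.values()), tz=timezone.utc)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = find_note_folders(root)
    for folder in sorted(hits):
        names, mtime = hits[folder]
        stamp = datetime.fromtimestamp(mtime, tz=timezone.utc).isoformat()
        print(f"{stamp}  {folder}  {', '.join(names)}")
    print(f"{len(hits)} folder(s) with ransom notes; first note at {first_note_time(hits)}")
```

The folder list scopes what has to be restored, and the earliest timestamp helps pick a backup taken before the encryption started, since the restore points and shadow copies on the machine itself are gone.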



