Malware to Victims: Not so friendly message

Status
Not open for further replies.

Ink

Administrator
Thread author
Verified
Jan 8, 2011
Source: Malwarebytes Blog

Rich Matteo, a researcher here at Malwarebytes, came across an interesting sample that erases files and leaves a not-so-friendly message to its victims.


Once a host PC is infected, the malware enumerates the victim and looks for files of a certain type, replacing their contents with “Because f you! That’s why.”

Naturally, this can cause many programs to cease functioning, one of which was my Malcode Analyst Pack. This one produced some rather comical errors post infection.

Some quick static analysis of the file shows it’s a .NET Assembly that’s been obfuscated with SmartAssembly v6, a commercial obfuscator sold by Redgate. As mentioned before in my blogs, sometimes these products intended to be used by software developers to protect their Intellectual Property can also be used by malware authors to hide their evil deeds.

...

However, if the malware is detected post infection, the damage may have already been done to your files. The only way to reverse this process is to recover them from some sort of backup.
 