Nurse Helen Barrow, 40, is believed to be the first person in the UK to be a victim of online blackmail.
The cybercriminals encrypted her files in a special folder with a 30-digit password and left a ransom note telling her not to contact police. The note told Barrow she would receive the password to unlock the file once she had bought drugs from an online pharmacy.
Barrow then called the police and an IT expert who then managed to decrypt the files.
"When I realised what had happened, I just felt sick to the core. I was in shock,” she told the BBC. "It was a horrible feeling and I thought I was going to lose all of my work.”
According to experts, the Arhiveus trojan was used to encrypt the files. Experts at Sophos disassembled the trojan and determined that the password it uses to encrypt data was;
"The Arhiveus password is deliberately long and complicated in an attempt by the hackers to avoid people easily cracking it," said Graham Cluley, senior technology consultant for Sophos. "But now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it."
"Hackers are getting bolder in their attempts to steal money from innocent web users. Once your valuable data is locked away you may be tempted to pay up to rescue your files, but this will only encourage more blackmail attempts in the future. Companies who have made regular backups may be able to recover easily, but less diligent home users could be panicked into coughing up the cash," said Cluley.
Greg Day, a security analyst at McAfee said: "We are seeing more of this type of attack in recent months where hackers target individual users holding files to ransom. As businesses increasingly mobilise its workforce companies need to be confident that employees are protected outside of the network as well as in the office if hackers are starting to launch random attacks against individuals.
In March 2006, the Zippo trojan horse demanded $300 for the safe return of users' encrypted data. The following month the Ransom-A trojan horse threatened to delete stolen files one-by-one until a ransom was paid.