Search
Keyword: ransom_cerber
" in its filename. A ransom message is contained in the file LUTFEN_OKUYUN.inf . It may connect to the following URL to download the key used in encrypting the files: https://{BLOCKED
This ransomware variant targets users in Hungary. It locks users' computers and lists the encrypted file types. It also lists steps to unlock the files, along with the ransom amount. To get a
}_HELP_instructions.html - ransom note It drops and executes the following files: %Desktop%\_HELP_instructions.html - ransom note %Desktop%\_HELP_instructions.bmp - image used as wallpaper (Note: %Desktop% is the desktop
\DECRYPT_FILES.HTML - Serves as ransom note Other Details This Trojan encrypts files with the following extensions: .txt .pdf .doc .tif .adi .adt .docx .altr .xls .xlsx .ppt .pptx .odt .jpg .png .csv .sql sln .php .asp
Windows 2000, XP, and Server 2003, or C:\\Users\\{user name}\\Documents on Windows Vista and 7.) It drops the following files: %Desktop%\!!!README!!!{random 5 alphanumeric characters}.rtf- serves as ransom
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This malware uses exploits on JexBoss open source server application and other Java-based application platforms to install itself in targeted web application servers. It appends the extension
64-bit), Windows Server 2008, and Windows Server 2012.) It does the following: Adjusts user privileges NOTES: The dropped ransom notes contain the following information: It deletes shadow copies by
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It gathers certain information on the affected computer.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
.wspak .xbk .xlk .yrcbck .~cw It renames encrypted files using the following names: {original filename}.hydracrypt_ID_{random ID} NOTES: This malware drops the following ransom note: Ransom:Win32/Tobfy.X
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
Trojan drops the following files: %Desktop%\DECRYPT.txt - ransom note %User Temp%\a.txt - ransom note (Note: %Desktop% is the desktop folder, where it usually is C:\Documents and Settings\{user name}
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) NOTES: This ransomware has the following ransom note: Trojan-Ransom.MSIL.Agent.gfo (Kaspersky);
malware/grayware from remote sites: JS_NEMUCOD.BBB Installation This Trojan drops the following files: %Desktop%\_HELP_instructions.txt - ransom note %Desktop%\_HELP_instructions.bmp - image used as wallpaper
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a