Ransom.HTML.KRYPTERADE.A.note
JS:Trojan.Cryxos.2574 (BITDEFENDER)
Windows
Threat Type: Others
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
Dropped by other malware, Downloaded from the Internet
This Others arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware.
This is the Trend Micro detection for files that exhibit certain behaviors.
TECHNICAL DETAILS
33,135 bytes
HTML, HTM
No
20 Apr 2023
Connects to URLs/IPs, Encrypts files
Arrival Details
This Others arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It may be dropped by the following malware:
- KRYPTERADE ransomware family
Stolen Information
This Others sends the gathered information via HTTP POST to the following URL:
- http://{BLOCKED}8.com/checkout.php?step=1
Other Details
This is the Trend Micro detection for:
- Ransom note dropped by KRYPTERADE ransomware family.
It does the following:
- It has an embedded javascript code that is used to do the following:
- The following input are disabled in the HTML:
- Drag
- Select
- Right-click
- Ctrl+U
- Ctrl+A
- Ctrl+C
- It accepts a 16-digit PIN code input (Paysafecard payment)
- It displays the following note:
SOLUTION
9.800
18.396.04
20 Apr 2023
18.397.00
21 Apr 2023
Step 1
Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.
Step 2
Scan your computer with your Trend Micro product to delete files detected as Ransom.HTML.KRYPTERADE.A.note. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
Did this description help? Tell us how we did.