Search
Keyword: ransom_cerber
This malware is related to the compromised blog page of the UK news media website, "The Independent." Users who visited the hacked page are redirected to sites
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself. It is
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
access the payment site specified in the ransom note, the browser displays the following Decrypt Service site: Win32/Filecoder.FJ (ESET); Trojan.Cryptodefense (Symantec); Ransom.CryptoWall (Malwarebytes);
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. It is capable of
names: {all removable and fixed drives}\{random values}.exe - set attributes to Hidden It drops the following files: %Desktop%\{unique id}.HTML - ransom note %Application Data%\{unique id}.HTML - ransom
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
ransom note. Trojan-Ransom.Win32.Petr.eu (Kaspersky), Trojan:Win32/Petya.G (Microsoft) Dropped by other malware Encrypts files, Drops files
files using the following names: {original filename and extension}.d4nk It does the following: The ransom note contains the following strings: You Have Been Infected With Ransomware. Please Make Note of
following files: %Desktop%\UserFilesLocker.exe - contains ransom note, decryption instructions %Desktop%\_encrypt.pinfo - contains information used by UserFilesLocker.exe (bitcoin amount, email address, ID)
encrypts files in the following locations (including subfolders): %User Profile%\Pictures %User Profile%\Videos %User Profile%\Music %User Profile%\Desktop It also displays the following image as its ransom
2008, and Windows Server 2012.) It drops the following files: %User Startup%\{unique id}.HTML - ransom note, to enable automatic execution at system startup %Application Data%\{unique id}.HTML - ransom
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
encrypts all files located in the %Desktop% folder. After encrypting the files, it displays the following ransom note: If the maximum number of tries for the decryption key is reached, it displays the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
!HELP_SOS.hta - ransom note %Application Data%\{random filename}.tmp (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows
\Take_Seriously (Your saving grace).txt - ransom note (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:
\Microsoft\Crypto\wscript.exe.config ← xml file %Application Data%\Microsoft\Crypto\comm.txt ← ransom note %Application Data%\Microsoft\Crypto\bann.txt ← list of whitelisted directories