Search
Keyword: ransom_cerber
window as a ransom note: When Submit Message button is clicked, it displays the following message box: If the Decrypt Files button is clicked, regardless of the key on the textbox, it displays the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes then deletes itself afterward. Arrival
following names: {original filename}.Hassan It leaves text files that serve as ransom notes containing the following text: Mal/GGCryp-A (Sophos); Gen:Heur.MSIL.Krypt.2 (BitDefender) Dropped by other malware,
the following: It hides the task bar NOTES: It displays the following window applications as ransom note: Backdoor:Win32/Fynloski!rfn (Microsoft); BackDoor.Comet.884 (DrWeb) Dropped by other malware,
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
the ransom note: Dropped by other malware, Downloaded from the Internet Displays graphics/image
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any backdoor routine. It executes the
This Worm does not have any backdoor routine. It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. Arrival Details This malware
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
This Ransomware may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting
files: /encrypted_{date of infection}_{alternative representation of date of infection}.enc It leaves text files that serve as ransom notes containing the following text: Your file has been
files that serve as ransom notes containing the following text: {Encrypted Directory}\IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.HTML VirTool:MSIL/Obfuscator.BK [submit_sample] (MICROSOFT);
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files found in specific folders. Arrival
/set {default} bootstatuspolicy ignoreallfailures It leaves text files that serve as ransom notes containing the following: {random characters}-HOW-TO-DECRYPT.txt Other System Modifications This
files that serve as ransom notes containing the following text: %Desktop%\Read@My.txt Gen:Variant.Symmi.42586 (BITDEFENDER); Trojan:Win32/Casdet!rfn (MICROSOFT) Dropped by other malware, Downloaded from
whenever an encrypted file is accessed: It displays it's ransom note %User temp%\VAULT.txt every system start up: It displays it's ransom image %appdata%\VAULT.hta every system start up:
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files found in specific folders. Arrival
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It