Search
Keyword: ransom_cerber
\DECRYPT_FILES.HTML - Serves as ransom note Other Details This Trojan encrypts files with the following extensions: .txt .pdf .doc .tif .adi .adt .docx .altr .xls .xlsx .ppt .pptx .odt .jpg .png .csv .sql sln .php .asp
Windows 2000, XP, and Server 2003, or C:\\Users\\{user name}\\Documents on Windows Vista and 7.) It drops the following files: %Desktop%\!!!README!!!{random 5 alphanumeric characters}.rtf- serves as ransom
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This malware uses exploits on JexBoss open source server application and other Java-based application platforms to install itself in targeted web application servers. It appends the extension
64-bit), Windows Server 2008, and Windows Server 2012.) It does the following: Adjusts user privileges NOTES: The dropped ransom notes contain the following information: It deletes shadow copies by
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It gathers certain information on the affected computer.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
.wspak .xbk .xlk .yrcbck .~cw It renames encrypted files using the following names: {original filename}.hydracrypt_ID_{random ID} NOTES: This malware drops the following ransom note: Ransom:Win32/Tobfy.X
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
Trojan drops the following files: %Desktop%\DECRYPT.txt - ransom note %User Temp%\a.txt - ransom note (Note: %Desktop% is the desktop folder, where it usually is C:\Documents and Settings\{user name}
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) NOTES: This ransomware has the following ransom note: Trojan-Ransom.MSIL.Agent.gfo (Kaspersky);
malware/grayware from remote sites: JS_NEMUCOD.BBB Installation This Trojan drops the following files: %Desktop%\_HELP_instructions.txt - ransom note %Desktop%\_HELP_instructions.bmp - image used as wallpaper
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires its main component to successfully perform
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are