Search
Keyword: usoj_ransom.hun
information. It encrypts files with specific file extensions. It encrypts files found in specific folders. It drops files as ransom note. Arrival Details This Ransomware arrives on a system as a file dropped by
information. It encrypts files found in specific folders. It drops files as ransom note. Arrival Details This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly
the following component file(s): {folders containing encrypted files}\_ReCoVeRy_+{random}.png - ransom note {folders containing encrypted files}\_ReCoVeRy_+{random}.html - ransom note {folders
\_ReCoVeRy_+{random}.png - ransom note {folders containing encrypted files}\_ReCoVeRy_+{random}.html - ransom note {folders containing encrypted files}\_ReCoVeRy_+{random}.txt - ransom note %My Documents%
encrypted files}\_{count of folders where files are encrypted}-INSTRUCTION.html ← Ransom Note It drops and executes the following files: %Desktop%\-INSTRUCTION.html ← Ransom Note %Desktop%
> Ransom Note It drops and executes the following files: %Desktop%\_WHAT_is.html -> Ransom Note %Desktop%\_WHAT_is.bmp -> Ransom Note, image used as wallpaper (Note: %Desktop% is the desktop folder,
following files: {folder of encrypted files}\_{count of folders where files are encrypted}_WHAT_is.html -> Ransom Note It drops and executes the following files: %Desktop%\_WHAT_is.html -> Ransom Note
malicious sites. Installation This Trojan drops the following files: {folder of encrypted files}\_{count of folders where files are encrypted}_WHAT_is.html -> Ransom Note It drops the following component file
password to unlock files %User Profile%\Downloads\README.txt - ransom note %User Profile%\Desktop\README.txt - ransom note %User Profile%\Documents\README.txt - ransom note %User Profile%\Music\README.txt -
component that automatically opens the image ransom note upon system startup %Application Data%\Microsoft\Windows\Network Shortcuts\!README.bmp - ransom image %Application Data%\Microsoft\Windows\Network
FILES.HTML - serves as ransom note %Desktop%\README HOW TO DECRYPT YOUR FILES.TXT - serves as ransom note (Note: %Desktop% is the desktop folder, where it usually is C:\Documents and Settings\{user name}
\HOW_TO_RESTORE_FILES.txt -> Ransom Note {Encrypted File Path}\HOW_TO_RESTORE_FILES.html -> Ransom Note %All Users Profile%\Application Data\erekakalacosumiz\aherizyb %All Users Profile%\Application Data\erekakalacosumiz
dropped note per folder}_HELP_instructions.html - ransom note It drops and executes the following files: %Desktop%\_HELP_instructions.html - ransom note %Desktop%\_HELP_instructions.bmp - image used as
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan drops the following files: /Documents/README!.txt - ransom note
malware" %Application Data%\{10 digit number} %Application Data%\{Unique ID}.html -> Ransom Note %Application Data%\Microsoft\Windows\Templates\{Unique ID}.html -> Ransom Note %Desktop%\{Unique ID}.html ->
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
system. It drops files as ransom note. Arrival Details This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This