Search
Keyword: ransom_cerber
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself. It is
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself. It is
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. It is capable of
and Server 2003, or C:\Users\{user name}\Documents on Windows Vista and 7.) It drops the following files: Ransom notes: {folders containing encrypted files}\RECOVER{random 5 characters}.txt {folders
the following files: Ransom notes: {folders containing encrypted files}\RECOVER{random 5 characters}.txt {folders containing encrypted files}\RECOVER{random 5 characters}.png {folders containing
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself. It is
=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com" ClientTransportPlugin "meek exec Application\Rurhov.exe NOTES: After its encryption routine, this malware displays the following Window containing ransom notes and
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
Vista or newer It opens the dropped ransom notes: It encrypts files in all fixed, removable, and network drives and shares. Ransom:Win32/Tescrypt (Microsoft), Win32/Filecoder.TeslaCrypt.I (ESET-NOD32)
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. It is capable of
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
ProgramData (Windows Vista and above) It opens the dropped ransom notes: It encrypts files in all fixed, removable, and network drives and shares. Ransom:Win32/Tescrypt.A (Microsoft), Ransomware-FEB
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
encrypted files It gathers the following information and reports it to its servers: Windows Version User's rights (Example: ADMIN) NOTES: It locks the screen and displays the following ransom note:
and Server 2003, or C:\Users\{user name}\Documents on Windows Vista and 7.) It drops the following files: Ransom notes: {folders containing encrypted files}\RECOVER{random 5 characters}.txt {folders
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not