Search
Keyword: ransom.win32.cring
automated analysis system. Ransom:Win32/Genasom (Microsoft); Ransom (McAfee); Ransom.Gen (Symantec); Trojan-Ransom.Win32.Gen.are (Kaspersky); Troj/Petya-BC (Sophos); Trojan.Win32.Generic!BT (Sunbelt)
Vulnerability Installation This Ransomware drops the following files: {folder of encrypted files}\_DECODE_FILES.txt - ransom note {malware path}\_DECODE_FILES.txt - ransom note %User Temp%\{random numbers} (Note:
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
{random letters} It leaves text files that serve as ransom notes containing the following text: {infected directory}\{extension}-HOW-TO-FIX.TXT Trojan-Ransom.LickyAgent (Ikarus);
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
information. It drops files as ransom note. It avoids encrypting files with the following file extensions. Arrival Details This Ransomware arrives on a system as a file dropped by other malware or as a file
information. It drops files as ransom note. It avoids encrypting files with the following file extensions. Arrival Details This Ransomware arrives on a system as a file dropped by other malware or as a file
ransom message: It sets the system's wallpaper to the following image: It displays the following ransom message:
The ransom message can be viewed in 7 different languages: French, Spanish, Austrian,
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
{user name} on Windows Vista and 7.) It leaves text files that serve as ransom notes containing the following: It adds the following mutexes to ensure that only one of its copies runs at any one time:
capable of encrypting files in the affected system. It drops files as ransom note. Arrival Details This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly
Server 2012.) It drops the following component file(s): %Desktop%\_HELP_instructions.txt - ransom note %Desktop%\_HELP_instructions.bmp - image used as wallpaper {folders containing encrypted files}
following folder names: ".&" Temp Y@Cs cache cache2 games nvidia packages uvOyR windows It drops HELP_YOUR_FILES.PNG to all folders where files are encrypted. It opens the dropped ransom notes
information. It drops files as ransom note. Arrival Details This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
dropped ransom notes HELP_DECRYPT.TXT, HELP_DECRYPT.PNG and HELP_DECRYPT.HTML: It demands payment for using decryption service: Trojan.Cryptodefense (Symantec); Trojan:Win32/Bagsu!rfn (Microsoft);