Search
Keyword: ransom.win32.cring
.pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip NOTES: It drops the following ransom note named "README.txt" which
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, due to errors in its code, it fails to
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. It is capable of
shadow copies {folder of encrypted files}\matrix-readme.rtf - ransom note {malware path}\{6 random characters}.vbs - Contains script to delete shadow copies {malware path}\svchost.exe (Note: %Application
\hitler\bg.mp3 %Application Data%\hitler\cmdc.exe -> silent cmd %Application Data%\hitler\death.lnk -> points to death.bat %Application Data%\hitler\mp3play.exe %Application Data%\hitler\note.vbs -> ransom
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files found in specific folders. Arrival
traversed in searching for files to encrypt. Here are the screenshot of its ransom note (in HTML and TXT) showing instructions on how to restore the encrypted files by paying in Bitcoin via their onion
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
malicious sites. Installation This Trojan drops the following files: %Desktop%\_Locky_recover_instructions.txt - ransom note %Desktop%\_Locky_recover_instructions.bmp - image used as wallpaper {folders
malware/grayware from remote sites: JS_NEMUCOD.BBB Installation This Trojan drops the following files: %Desktop%\_HELP_instructions.txt - ransom note %Desktop%\_HELP_instructions.bmp - image used as wallpaper
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
access the payment site specified in the ransom note, the browser displays the following Decrypt Service site: Win32/Filecoder.FJ (ESET); Trojan.Cryptodefense (Symantec); Ransom.CryptoWall (Malwarebytes);
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It adds certain registry entries to disable the Task
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It gathers certain information on the affected computer.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This