|Short Description||This ransomware carries similar activities related to Dridex and locky Ransomware. This ransomware came into picture just one day before the wannacry ransomware. More than 1,00,000 Emails were noticed in a short while which had an attachment of PDF files. The attackers used Necurs botnet for sending massive spam emails. Once encrypted the encrypted files extension are changed into .WLU format.|
|Distribution Method||Phishing mails using Necurs botnet.|
This ransomware made its debut just one day before the devastating WannaCry Ransomware. This was first seen in the cyber world on 11th May 2017. Massive emails were sent in the very beginning stage. This does not have any stealth mode but this Ransomware infection was basically through social engineering (phishing mail). The mail seems so legitimate the content of the mail had an invoice attachment which is the ransomware file that is used for the infection process. Once the victim downloads the file and runs it the encryption starts. More than 10,000 emails per hour were noticed. This ransomware has some similarities of Dridex and Locky ransomware. The attackers used Necurs botnet for sending massive spam emails the same was used for Locky ransomware. Even there were some minor similarities between the codes used to create this ransomware. Forecpoint security labs claim that they noticed more than 5+millions of spam emails in a very short duration. This ransomware demands a whooping amount of 2bitcoins which is around 3700$. The infection process is as followed.