|Short Description||This ransomware belongs to the Crysis family. Once files are encrypted, their extension is changed to .wallet. It was first noticed in mid-November 2016. The ransom demanded for decryption depends on the number of devices infected or compromised (if a whole organization is infected by this ransomware, the ransom amount surpasses a whopping 7 bitcoin, which is around 5k USD); the average amount ranges between 1-2 BTC.|
|Distribution Method||Phishing emails, exploit kits, DLL file attack, or drive-by download.|
The decryptor for this ransomware is now available. It belongs to the Crysis family, which has a history of releasing the master decryption key when it switches to its next extension. The master key for this ransomware was released in a very short time compared to other malware families. There are various modes of propagation for this ransomware. Once it enters the victim's device, it starts to scan for the targeted extensions, and once this process is done it encrypts the files, which makes them either inaccessible or unusable. Researchers say that this ransomware uses AES and RSA encryption to encrypt the victim's data. Once encryption is complete, the ransomware changes the extension of each encrypted file to either .dharma or .wallet. Some researchers claim that once the wallet ransomware compromises the victim's device, there is a chance that it leaves the device more vulnerable, for example to remote attacks and identity theft. The working process of wallet is as follows:
After encrypting the files, this ransomware changes the victim's desktop wallpaper to notify the victim that the device is infected. It also drops some .txt files, such as Readme.txt, which explain to the victim how to pay the ransom. The decryptor for this ransomware is now available. Go to the decryptor section of this website for more details.
For decryptor links, refer to: http://vinransomware.com/detection-and-decryption-tools