|Short Description||This works as same as crypto locker virus. This was found wild on late 2013 it targeted all version of windows this ransomware scans the victim’s device and then encrypts those files and then demands the ransom.|
|Symptoms||Some files become inaccessible and howdecrypt.gif file can be found in many areas on the device.|
|Distribution Method||Spam Email,|
Once this ransomware infiltrates the victim’s device it creates some entries and random folders in the Appdata and LocalAppData.
It will also create
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This is done inorder to start the infection whenever the windows starts.
In this ransomware there is another part that is a crypt coin miner. This utilize the victim device Cpu to mine digital coins.
This ransomware does not encrypt the entire files instead it corrupts the file by replacing the first 512byte of the file. This ransomware demands upto $400USD. These are done by communicating with the C&C server which generates a key and that is used to encrypt the victim files.
This ransomware also leaves howdecrypt.txt and howdecrypt.gif in every folder where the files are encrypted these note will provide the instruction for how to pay the ransom and how to get back the encrypted files.