RANSOM_CRYSIS.F116LR
February 23, 2017
ALIASES:
Trojan-Ransom.Win32.Cryakl.aom (Kaspersky)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:

Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It is capable of encrypting files in the affected system.
TECHNICAL DETAILS
File size: 466,432 bytes
File type: EXE
Initial samples received date: 23 Dec 2016
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan leaves text files that serve as ransom notes containing the following:
- to decrypt files write to this mail {contact email}
Dropping Routine
This Trojan drops the following files:
- {folders and subfolders of the encrypted files}\README.txt (serves as ransom note)
Other Details
This Trojan renames encrypted files using the following names:
- {directory of the encrypted files}\email-{contact email}.ver-CL 1.3.1.0.id-{HID}@@@@@F438-5F1B.randomname-{random name}.{3 random letters}.{random extension}
It is capable of encrypting files in the affected system.
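For triage, the rename template and the README.txt ransom note described above can be matched against a file listing collected from an affected host. The following is an added example, not part of the original report or any vendor tooling. It assumes the `ver-CL 1.3.1.0` and `@@@@@F438-5F1B` parts are fixed literals exactly as printed in this entry, and the sample paths and contact address are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Literal parts copied from the rename template in this report (assumed fixed).
VERSION = "CL 1.3.1.0"
ID_SUFFIX = "@@@@@F438-5F1B"

# email-{contact email}.ver-CL 1.3.1.0.id-{HID}@@@@@F438-5F1B
#   .randomname-{random name}.{3 random letters}.{random extension}
RENAMED = re.compile(
    r"^email-(?P<contact>.+?)"
    r"\.ver-" + re.escape(VERSION) +
    r"\.id-(?P<hid>.+?)" + re.escape(ID_SUFFIX) +
    r"\.randomname-(?P<random_name>.+?)"
    r"\.(?P<letters>[A-Za-z]{3})"
    r"\.(?P<extension>[^.]+)$"
)

def parse_renamed(filename):
    """Return the template fields of a renamed file, or None if no match."""
    m = RENAMED.match(filename)
    return m.groupdict() if m else None

def triage(paths):
    """Group matches per folder: renamed-file count, contacts, note present."""
    report = defaultdict(lambda: {"encrypted": 0, "contacts": set(), "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any analysis host
        folder = str(p.parent)
        fields = parse_renamed(p.name)
        if fields:
            report[folder]["encrypted"] += 1
            report[folder]["contacts"].add(fields["contact"])
        elif p.name.lower() == "readme.txt":
            report[folder]["note"] = True
    # README.txt alone is too common to flag; keep folders with renamed files.
    return {f: r for f, r in report.items() if r["encrypted"]}

# Constructed listing for illustration; not taken from a real incident.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\email-user@example.invalid.ver-CL 1.3.1.0"
    r".id-HOSTID01@@@@@F438-5F1B.randomname-ABCDEFGH.QWE.xyz",
    r"C:\Users\alice\Documents\README.txt",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Tools\README.txt",
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE_LISTING).items():
        print(folder, info)
```

Folders that contain only a README.txt are not reported, since that file name is common on clean systems; the note counts as an indicator only alongside renamed files.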