This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It encrypts files with specific file extensions.
This Ransomware drops the following files:
This Ransomware does the following:
Displays the following window as a warning about the ransomware:
Displays the following window after encryption:
This Ransomware encrypts files with the following extensions:
It appends the following extension to the file name of the encrypted files:
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Search for and delete this file
Scan your computer with your Trend Micro product to delete files detected as RANSOM_RDW.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Restore encrypted files from backup.