Search
Keyword: unauthorized file encryption
processes that have associated files it tries to encrypt. This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan Spy arrives on a system
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
-s → Path to file containing list of shares to include in the encryption -n → Encryption percentage on how much content of the files needs to be encrypted -l → Shows the available drives to encrypt
CVE-2010-3145,MS11-001,CVE-2011-0032,MS11-016,MS11-015 Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. It avoids encrypting
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
web server using Rijndael for its file encryption routine NOTES: This ransomware can upload a file to the server by accessing the affected site with the variable upl : It is also capable of echoing the
files. This is deleted after file encryption (Note: %Desktop% is the desktop folder, where it usually is C:\Documents and Settings\{user name}\Desktop in Windows 2000, Windows Server 2003, and Windows XP
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
→ /band_start → /!prerename → Do not rename files before encryption Ransomware Routine This Ransomware avoids encrypting files with the following strings in their file name: how_to_decrypt.hta how_to_decrypt.txt
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
encryption It can be configured to be hidden while encryption is ongoing It can be configured to add a specific string for the renamed file name (HID) Ransomware Routine This Trojan renames encrypted files
or shut down Windows services that may be keeping a file open and preventing encryption. It accepts the following parameters: -path → Specify the path to encrypt -ratio → Encryption ratio -nomutex
the following: File encryption Disabling system Propagation Downloading files Gandcrab ransomware typically follows the infection chain below:
This spyware is capable of stealing FTP credentials. The stolen information is then sent to a remote user, thus, leading to unauthorized access of FTP sites. This spyware arrives on a system as a