Threat type: Ransomware


Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High


This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It adds certain registry entries to disable the Task Manager. This action prevents users from terminating the malware process, which can usually be done via the Task Manager.

It terminates itself if it detects it is being run in a virtual environment.

It encrypts files with specific file extensions. It drops files as ransom note. It avoids encrypting files with the following file extensions.

Source: Trend Micro – Newest Malware Advisories