Threat type: Ransomware
Aliases: Trojan:MSIL/XWormRAT.A!MTB (MICROSOFT)
Overall Risk Rating: Low
Damage Potential: Medium
Distribution Potential: Low
Reported Infection: Low
Information Exposure: High
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It adds certain registry entries to disable the Task Manager. This action prevents users from terminating the malware process, which can usually be done via the Task Manager.
It terminates itself if it detects it is being run in a virtual environment.
It encrypts files with specific file extensions. It drops files as ransom note. It avoids encrypting files with the following file extensions.
Source: Trend Micro – Newest Malware Advisories