- Distribution Method : Unknown
- MD5 : f87a2e1c3d148a67eaeb696b1ab69133
- Major Detection Name : Trojan-Ransom.Win32.Gen.xyl (Kaspersky), RDN/Ransom (McAfee)
- Encrypted File Pattern : .<8-Digit Random Extension>
- Payment Instruction File : README.<Encryption Extension>.TXT
- Major Characteristics :
- Offline Encryption
- Exception to terminate specific process (explorer.exe, svchost.exe, TeamViewer.exe, vmcompute.exe, vmms.exe, vmwp.exe)
- Block processes execution
- Delete multi services
- Disable system restore
- Empty the trash
List