| Encryption Type | RC4 algorithm |
| Distribution Method | Torrent Network |
The principal objective of PClock2 is to encrypt essential documents on the victim's computer in order to force the victim to pay a ransom in exchange for their files. PClock2 encrypts files using a randomly generated key and the RC4 algorithm. Like most other variants, it demands payment in bitcoin and gives the victim a limited time window in which to pay.
The malware displays a fake alert urging the victim to remove the anti-virus software installed on the system, so that the malware itself is not deleted.
The ransomware enters the victim's computer through torrent downloads. Once the computer is compromised, it establishes persistence through the following entry,
It also saves additional information about the infection, such as the address for the bitcoin payment:
This ransomware targets more than 2583 extensions, which is a huge number compared to other ransomware found so far. Some of the C&C servers for this malware are found on the following domain.
The files are stored locally in the AppData location.
In AppData there are the following files:
WIndsk.exe (the malware executable file)
Windskwp.jpg (the image that pops up on the victim's computer)
Enc_files.txt (the list of encrypted files)
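
The three file names above can be used as a host sweep. The following is an added example, not code from the original write-up: it walks a directory tree, flags any folder holding the artifacts, and reads Enc_files.txt to list the affected files. The scan root, the one-path-per-line format of Enc_files.txt and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# File names from the write-up; matched case-insensitively.
ARTIFACTS = {
    "windsk.exe": "malware executable",
    "windskwp.jpg": "ransom image",
    "enc_files.txt": "list of encrypted files",
}

def find_pclock2_artifacts(root):
    """Walk root and return {directory: {artifact_name: full_path}}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in ARTIFACTS:
                hits.setdefault(dirpath, {})[name.lower()] = os.path.join(dirpath, name)
    return hits

def read_encrypted_list(path):
    """Non-empty lines of Enc_files.txt (assumed format: one path per line)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return [line.strip() for line in fh if line.strip()]

def triage(root):
    """Summarise each directory holding artifacts and the files it lists."""
    report = []
    for directory, found in sorted(find_pclock2_artifacts(root).items()):
        listed = read_encrypted_list(found["enc_files.txt"]) if "enc_files.txt" in found else []
        report.append({"directory": directory, "artifacts": sorted(found),
                       "complete_set": len(found) == len(ARTIFACTS),
                       "encrypted_files": listed})
    return report

def build_sample(root):
    """Constructed sample tree standing in for a user's AppData folder."""
    infected = os.path.join(root, "Roaming", "sample")
    os.makedirs(infected)
    for name in ("WIndsk.exe", "Windskwp.jpg"):
        open(os.path.join(infected, name), "wb").close()
    with open(os.path.join(infected, "Enc_files.txt"), "w") as fh:
        fh.write("C:\\Users\\demo\\report.docx\n\nC:\\Users\\demo\\photo.png\n")
    return infected

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

On a real host, point `triage` at each user profile's AppData directory; a folder with `complete_set` true matches all three artifacts described above.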
The main weakness of PClock2 is that it only sounds powerful: the files are not damaged as it claims, and they can be decrypted easily.