Name | CryptoJoker |
Type | Crypto Ransomware |
Encryption Type | AES-256 Encryption |
Short Description | CryptoJoker ransomware encrypts data using AES-256 encryption and then demands a ransom in bitcoins to recover the data. |
Symptoms | Targeted files are renamed with the .crjoker extension appended. For example, car.jpg would become car.jpg.crjoker |
Distribution Method | This ransomware uses various techniques for its distribution, such as spam emails with fake PDF or Microsoft Word attachments. |
Image |
The image shows the ransom note of the CryptoJoker ransomware. |
More Details |
The extensions that CryptoJoker targets are: ![]()

During the encryption process, CryptoJoker sends information to the Command & Control servers of the malware authors. The data sent to the Command & Control servers includes the date, username, hostname and machine name.

The files associated with CryptoJoker are as follows:

- %Temp%\crjoker.html
- %Temp%\drvpci.exe
- %Temp%\GetYouFiles.txt
- %Temp%\imgdesktop.exe
- %Temp%\new.bat
- %Temp%\README!!!.txt
- %Temp%\sdajfhdfkj
- %Temp%\windefrag.exe
- %Temp%\windrv.exe
- %Temp%\winpnp.exe
- %AppData%\dbddbccdf.exe
- %AppData%\README!!!.txt22

The registry entries associated with CryptoJoker are as follows:

- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winpnp
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvpci
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\windefrag |
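A triage check built from the indicators listed above, as an added example that is not part of the original entry. It assumes a host inventory has already been exported as a list of file paths and (key, value name) pairs for Run entries; `triage` and the `SAMPLE_*` data are hypothetical names and constructed values.

```python
import ntpath

# Indicators exactly as listed in the entry above.
IOC_FILES = {
    "%temp%": ["crjoker.html", "drvpci.exe", "GetYouFiles.txt", "imgdesktop.exe",
               "new.bat", "README!!!.txt", "sdajfhdfkj", "windefrag.exe",
               "windrv.exe", "winpnp.exe"],
    "%appdata%": ["dbddbccdf.exe", "README!!!.txt22"],
}
IOC_RUN_VALUES = {"winpnp", "drvpci", "windefrag"}
RUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"

def triage(file_paths, run_values, env):
    """Return sorted (kind, item) findings for one host inventory.
    env maps '%temp%' and '%appdata%' to that user's real directories
    (assumption: the inventory tool records them)."""
    wanted = set()
    for var, names in IOC_FILES.items():
        base = env[var].rstrip("\\").lower()
        wanted.update(base + "\\" + n.lower() for n in names)
    findings = set()
    for p in file_paths:
        norm = ntpath.normpath(p).lower()  # Windows paths are case-insensitive
        if norm in wanted:                 # name must sit in the listed directory
            findings.add(("dropped_file", norm))
        if norm.endswith(".crjoker"):      # symptom: car.jpg -> car.jpg.crjoker
            findings.add(("encrypted_file", norm))
    for key, value_name in run_values:
        key = key.lower().replace("hkey_current_user", "hkcu").rstrip("\\")
        if key == RUN_KEY and value_name.lower() in IOC_RUN_VALUES:
            findings.add(("run_key", value_name.lower()))
    return sorted(findings)

# Constructed sample inventory (not taken from a real host).
SAMPLE_ENV = {"%temp%": r"C:\Users\alice\AppData\Local\Temp",
              "%appdata%": r"C:\Users\alice\AppData\Roaming"}
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Local\Temp\WinPnP.exe",
    r"C:\Users\alice\Pictures\car.jpg.crjoker",
    r"C:\Users\alice\Documents\README!!!.txt",  # listed name, other directory
]
SAMPLE_RUN = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "winpnp"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_RUN, SAMPLE_ENV):
        print(finding)
```

Several of the listed file names are generic (new.bat, README!!!.txt), so a single file match is a lead for further review; a match combined with a Run value or .crjoker files is a much stronger signal.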