| Field | Details |
| --- | --- |
| Name | FAKBEN |
| Type | Crypto-ransomware |
| Encryption Type | Simple AES algorithm |
| Short Description | FAKBEN is a ransomware-as-a-service (RaaS) offering of the crypto-ransomware type. Its site is hosted on a Tor domain, and the site claims that the operators take 10 percent of the total ransom paid. |
| Symptoms | The victim's desktop background is changed and some files become unusable. |
| Distribution Method | Spam mail or USB drives |
More Details

The FAKBEN team offers what it describes as a unique and special professional service: it rents out the CryptoLocker ransomware as an executable file that can be customized and then sent to a specific person to demand the ransom.

Once the ransomware has been sent to the victim, double-clicking it creates an autorun entry in the registry so that it executes automatically whenever the system is rebooted. The registry entries are created under Winlogon and Run, with shells and MS. It also disables Task Manager by setting the disable-Task-Manager registry value to 1.

C&C REG: The ransomware obtains the operating system and service pack by querying the product name and CSD version registry values, and it collects the machine's GUID from the MachineGUID registry value.

The ransom note, provided both as text and as an image, is used to lock the user's desktop; the file is named READ ME FOR DECRYPT.txt and is added to all infected registries. It also provides a QR code to make the process simple. There are decryptors available for this ransomware.
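A defender-side check for the host artifacts described above, as an added example that is not part of the original entry: it flags a process that combines an autorun registry write, Task Manager being disabled and the READ ME FOR DECRYPT.txt note. The registry paths are standard Windows locations assumed to match the description, and the event tuples are constructed samples loosely modelled on Sysmon registry and file events.

```python
import re
from collections import defaultdict

# Assumption: standard Windows locations matching the page's description
# (the page names Winlogon, Run and a disable-Task-Manager value, not full paths).
AUTORUN = re.compile(r"\\CurrentVersion\\(Run(Once)?\\[^\\]+|Winlogon\\Shell)$", re.I)
TASKMGR = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I)
NOTE_NAME = "read me for decrypt.txt"  # ransom note file name given on the page

def indicator(event):
    """Return the indicator name an event matches, or None."""
    _proc, kind, target, details = event
    if kind == "RegistrySet":
        if AUTORUN.search(target):
            return "autorun"
        value = re.search(r"0x([0-9a-f]+)", details, re.I)
        if TASKMGR.search(target) and value and int(value.group(1), 16) == 1:
            return "taskmgr_disabled"
    elif kind == "FileCreate" and target.lower().endswith("\\" + NOTE_NAME):
        return "ransom_note"
    return None

def flag_processes(events, threshold=2):
    """Map each process with at least `threshold` distinct indicators to them."""
    seen = defaultdict(set)
    for event in events:
        hit = indicator(event)
        if hit:
            seen[event[0]].add(hit)
    return {p: sorted(h) for p, h in seen.items() if len(h) >= threshold}

# Constructed sample events (process, type, target, details); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Users\a\Downloads\invoice.exe", "RegistrySet",
     r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\updater", r"C:\Users\a\Downloads\invoice.exe"),
    (r"C:\Users\a\Downloads\invoice.exe", "RegistrySet",
     r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "DWORD (0x00000001)"),
    (r"C:\Users\a\Downloads\invoice.exe", "FileCreate", r"C:\Users\a\Documents\READ ME FOR DECRYPT.txt", ""),
    (r"C:\Program Files\App\setup.exe", "RegistrySet",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AppTray", r"C:\Program Files\App\tray.exe"),
    (r"C:\Windows\regedit.exe", "RegistrySet",
     r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "DWORD (0x00000000)"),
]

if __name__ == "__main__":
    for proc, hits in flag_processes(SAMPLE_EVENTS).items():
        print(proc, hits)
```

Requiring two or more distinct indicators keeps an ordinary installer that only adds a Run entry, or an administrator re-enabling Task Manager, from being flagged.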