Name |
Hydra Crypt Ransomware |
Type |
Crypto-Ransomware |
Encryption Type |
AES-256 and RSA |
Short Description |
Based on leaked source code of CrypBoss; arrives via spam; the deadline for paying the ransom is 72 hours |
Symptoms |
Dump of encrypted files on the desktop of the affected computer |
Distribution Method |
Spam Email, fake downloads. |
More Details |
This ransomware targets all Windows versions. It spreads through email attachments and fake updates. Once installed on a computer, it creates a randomly named file in the AppData and local data folders; this file is launched and begins to scan the device for certain targeted documents. Some of the targeted file extensions are given below. Once these files have been scanned, it starts to encrypt them using the RSA and AES algorithms. It encrypts by connecting to the C&C server, so this works only when the device is connected to the internet. The infection is launched in approximately ten to twenty minutes, then the encryption process is carried out, and once this process is over the victim sees a unique ID number consisting of 8 digits. The attackers then demand that the victim pay the ransom within the time limit, or else the files will be deleted permanently. The attackers' email ID is given, and a sample file is decrypted for free to make the victim believe that the files will be given back. A ransom note is placed on the victim's desktop, and copies of it are also located in every place where files were encrypted. The note contains information on how to access the payment site and get back the encrypted files. In addition, the shadow volumes are deleted from the victim's computer, which leaves the victim no option other than to pay the ransom. |