|Symptoms||The lock screen will contain a ransom note, some files become inaccessible.|
|Distribution Method||Spam Email.|
This ransomware is spread through spam emails containing malicious contents. Once this infiltrates the device, it stores an exec file in the windowsupdate.exe,then it creates an autorun in the registry so that whenever the device is restarted the ransomware too starts.
Once these process are completed this ransomware starts to scan the victim device and then targets for specific files and folders. Every time when this ransomware encrypts a file it adds the extension .encrypted to the encrypted file and also drops a ransom note named as How_To_decrypt.txt this will contain the information for retrieving the files. Once all these process are done this ransomware displays a lock screen that prevents the victim from using the device. The ransom note will be like as shown below.