|Encryption Type|AES & RSA 4096 Key exchange|
|Short Description|POSHCODER was developed to target users primarily in the United States. The Trojan uses Windows PowerShell to encrypt the files on the system.|
|Symptoms|Some files become inaccessible, and clicking one of them prompts the user to pay a ransom.|
|Distribution Method|The Trojan is distributed via email. After infection, it converts every file into a .poshcoder file.|
To make sure that it runs every time the computer starts, the Trojan adds a registry entry and drops an UNLOCKYOURFILES.html file into every folder on the infected system.
Once infected, users are instructed to follow a ransom note that asks them to install the Multibit application, which enables the victim to have his or her own Bitcoin wallet for 1 bitcoin. The victim is then instructed to enter an email address and Bitcoin ID to get the decryption key.
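The two file artifacts named above (the .poshcoder extension and the UNLOCKYOURFILES.html note) are enough to scope which folders were touched. The following triage scanner is an added example, not code from the original page; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "unlockyourfiles.html"  # ransom note name from the page, lowercased
ENC_EXT = ".poshcoder"              # extension from the page

def scan_tree(root):
    """Return {folder: {"note": bool, "encrypted": [names]}} for folders with a hit."""
    hits = {}
    # onerror swallows unreadable directories so one ACL denial does not stop triage
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        note = any(name.lower() == NOTE_NAME for name in files)
        encrypted = sorted(n for n in files if n.lower().endswith(ENC_EXT))
        if note or encrypted:
            hits[folder] = {"note": note, "encrypted": encrypted}
    return hits

def summarize(hits, root):
    """Condense scan results; folders are reported relative to root."""
    return {
        "folders_with_note": sum(1 for h in hits.values() if h["note"]),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        # Folders where only the note was found, with no renamed files
        "note_only_folders": sorted(
            os.path.relpath(f, root) for f, h in hits.items()
            if h["note"] and not h["encrypted"]
        ),
    }

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    layout = {  # constructed sample data, not taken from a real incident
        "docs": ["report.docx.poshcoder", "UNLOCKYOURFILES.html"],
        "pics": ["a.jpg.POSHCODER", "b.jpg.poshcoder", "UnlockYourFiles.html"],
        "note_only": ["UNLOCKYOURFILES.html"],
        "clean": ["notes.txt"],
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        return summarize(scan_tree(root), root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a mounted image or a user profile directory to get the same summary for a real host; matching is case-insensitive because Windows file names are.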