Types header





Encryption Type

AES -256 Algorithm

Short Description

This has live chat support for affected users; arrives via spam. The ransom is to be paid within 96hours.


 A ransom note will be displayed on the victim's device.

Distribution Method

Email attachment



More Details

This works as same as crypto wall ransomware , but there is a upgrade in this. This allows the victims to have live session with the attacker. This is majorly spread through the PDF email attachment. Once the PDF file is opened the infection starts and the malware are installed , including the live chats. The ransomware scans for local drives for some targeted extensions most of them will be .doc,.jpg.gif and many more. This also deletes shadow volume copies on the machine. After all these process the text pad is left in the desktop of victim where it demands money from the victim and the time limit is set as 96 hours. This also allows the files to be decrypted for free but the victim has to wait for 6months and have to request the developers of the ransomware. The live chat website is tor based and there are uninstall options given for easy removal also.  The website is tor domain to main the anonymity of the attacker.