Types header


Name Poshcoder
Type Crypto Ransomware
Encryption Type AES & RSA 4096 Key exchange
Short Description POSHCODER was developed targeting most of the users in United States, The Trojan uses the Windows PowerShell to encrypt the files in the system.
Symptoms Some of the files become inaccessible and prompts to pay ransom when it is clicked
Distribution Method The Trojan is distributed via emails and after infection the Trojan converts every file into .poshcoder files.
Image  poshcoder
More Details

To make sure that the Trojan runs every time when the computer is started the Trojan adds an registry entry in the memory and drops a UNLOCKYOURFILES.html file into every folder in the system that is infected.

Once the users are infected they are instructed to follow a ransom note which asks the user to install a Multibit application which enables the victim have his/her own Bitcoin wallet for 1 bitcoin. And is instructed to enter email-address and Bitcoin ID to get the decryption key.