Name: Poshcoder
Type: Crypto Ransomware
Encryption Type: AES & RSA 4096 Key exchange
Short Description: POSHCODER was developed to target mostly users in the United States. The Trojan uses Windows PowerShell to encrypt the files on the system.
Symptoms: Some files become inaccessible, and clicking one of them prompts the user to pay a ransom.
Distribution Method: The Trojan is distributed via email. After infection, it converts every file into a .poshcoder file.
More Details

To make sure that it runs every time the computer starts, the Trojan adds a registry entry. It also drops an UNLOCKYOURFILES.html file into every folder on the infected system.

Once infected, users are instructed to follow a ransom note, which asks them to install a Multibit application that gives the victim his/her own Bitcoin wallet for 1 bitcoin. The victim is then instructed to enter an email address and Bitcoin ID to get the decryption key.
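
For triage, the two on-disk indicators described above (the UNLOCKYOURFILES.html note and files ending in .poshcoder) can be counted per folder to scope which parts of a volume were affected. The following Python script is an added example, not part of the original entry; its function names and sample tree are constructed for illustration, and it does not check the registry entry because the page does not name the key.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "unlockyourfiles.html"  # ransom note name from the page, compared case-insensitively
ENC_SUFFIX = ".poshcoder"           # extension the page says encrypted files receive


def scan_tree(root):
    """Walk root and collect the two on-disk indicators described on the page."""
    root = Path(root)
    notes, encrypted, errors = [], [], []
    per_top = Counter()  # encrypted-file count per top-level folder, for scoping
    for dirpath, _dirs, files in os.walk(root, onerror=errors.append):
        for name in files:
            lower = name.lower()
            path = Path(dirpath) / name
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENC_SUFFIX):
                encrypted.append(path)
                rel = path.relative_to(root)
                per_top[rel.parts[0] if len(rel.parts) > 1 else "."] += 1
    return {
        "note_folders": sorted({p.parent for p in notes}),
        "encrypted": sorted(encrypted),
        "per_top": dict(per_top),
        "unreadable": [str(e) for e in errors],  # folders the walk could not list
    }


def build_sample(root):
    """Constructed sample tree (empty files, not real malware output)."""
    root = Path(root)
    for rel in ("Docs/report.docx.poshcoder", "Docs/UNLOCKYOURFILES.html",
                "Docs/old/tax.xls.POSHCODER", "Docs/old/UnlockYourFiles.html",
                "Pics/cat.jpg", "notes.txt.poshcoder"):
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = scan_tree(build_sample(tmp))
        print(len(result["encrypted"]), "encrypted files:", result["per_top"])
        for folder in result["note_folders"]:
            print("ransom note in", folder)
```

Run `scan_tree` against a read-only mount of the affected volume rather than the live system, so that file timestamps are preserved for later analysis.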