Name

Radamant

Type

Crypto Ransomware

Encryption Type

AES 256 Encryption

Short Description

This ransomware infects the victim's system and then encrypts the victim's files; the encrypted files are given the .RDM extension.

Symptoms

Unwanted pop-up; the display is as shown in the image.

Distribution Method

Spam emails, Fake downloads, Exploit kits

Image

Radamant

More Details

When this ransomware is installed, it copies itself to the Windows directory and creates an autorun registry entry so that the infection persists and starts every time the victim turns on the system. Once this is done, it scans the drives on the computer and encrypts the files that match certain file extensions. When a targeted file is found, it generates a unique AES encryption key and then encrypts the file. When a file is encrypted, the .RDM extension is appended to its name. If the device is not connected to the internet, it is safe from the ransomware. Some of the file types targeted by this ransomware are given below.

Radamant1.1

During the encryption process it also issues a WMIC command that clears the shadow volume copies on the victim's device. This is done to ensure that the victim cannot recover the files that have been encrypted.

The command used to delete the shadow volumes from the victim's device is given below.

Radamant1.2

When all these processes are complete, a .url file is created and left on the victim's desktop; it describes how to get the encrypted files back and the bitcoin address to which the ransom is to be sent.
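Detection logic for the behaviour chain described above (shadow-copy deletion via WMIC, autorun persistence pointing into the Windows directory, and a burst of .RDM renames), as an added example that is not part of the original page. The event schema, the choice of the Run key as the autorun location, the payload path and the sample events are all constructed assumptions for the example; it runs offline against the inline events.

```python
import re
from collections import defaultdict

# Constructed sample telemetry in an assumed, simplified schema (not a real
# product's format): ws01 shows the chain described above, ws02 is benign.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"host": "ws01", "type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\Windows\constructed_sample.exe"},  # constructed placeholder path
    {"host": "ws01", "type": "rename", "dst": r"C:\Users\a\Documents\report.docx.RDM"},
    {"host": "ws01", "type": "rename", "dst": r"C:\Users\a\Documents\budget.xlsx.RDM"},
    {"host": "ws01", "type": "rename", "dst": r"C:\Users\a\Pictures\holiday.jpg.RDM"},
    {"host": "ws02", "type": "process", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},
    {"host": "ws02", "type": "rename", "dst": r"C:\Users\b\Desktop\notes.txt.bak"},
]

SHADOW_DELETE = re.compile(r"\bshadowcopy\b.*\bdelete\b", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run$", re.IGNORECASE)  # assumed autorun key

def is_shadow_copy_deletion(ev):
    """Process-creation event where WMIC is used to delete volume shadow copies."""
    return (ev["type"] == "process"
            and ev["image"].lower().endswith("\\wmic.exe")
            and SHADOW_DELETE.search(ev["cmdline"]) is not None)

def is_autorun_from_windows_dir(ev):
    """Registry write to a Run key whose payload lives under C:\\Windows."""
    return (ev["type"] == "registry"
            and RUN_KEY.search(ev["key"]) is not None
            and ev["data"].lower().startswith("c:\\windows\\"))

def triage(events, rdm_threshold=3):
    """Return {host: sorted indicator names}; .RDM renames count once they reach the threshold."""
    hits = defaultdict(set)
    rdm_counts = defaultdict(int)
    for ev in events:
        if is_shadow_copy_deletion(ev):
            hits[ev["host"]].add("shadow_copy_deletion")
        if is_autorun_from_windows_dir(ev):
            hits[ev["host"]].add("autorun_persistence")
        if ev["type"] == "rename" and ev["dst"].lower().endswith(".rdm"):
            rdm_counts[ev["host"]] += 1
            if rdm_counts[ev["host"]] >= rdm_threshold:
                hits[ev["host"]].add("rdm_rename_burst")
    return {host: sorted(names) for host, names in hits.items()}
```

The rename threshold keeps a single stray .RDM file from raising an alert on its own; the shadow-copy and autorun checks fire on a single event because either is rare in normal user activity.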