Name |
Ransom32 |
Type |
Crypto-Locker (RaaS) |
Encryption Type |
AES encryption |
Short Description |
This is the first ransomware written in pure JavaScript, and it is offered as a new ransomware-as-a-service (RaaS). The service takes 25% of the ransom payment obtained from the victim as a service fee. It is hidden on the dark web, and it is easy for anyone to join: all the site requires is a bitcoin address to which the share of the ransom will be sent. |
Symptoms |
Some of the files become unusable; when the victim tries to open such a file, a ransom note is displayed. |
Distribution Method |
Spam Mail, USB drives. |
Image |
|
More Details |
The images above show the Tor link from which the ransomware can be downloaded and then sent to victims. Once the configuration is done according to their needs, the person using the service simply clicks the download option; the download is 22 MB in size and about 67 MB when extracted. It is sent as a fake email attachment, and if the victim opens it, it starts working and extracts many files onto the victim's computer. Some of the files that are extracted are as given in the following. The ransomware encrypts with AES. It does not encrypt every file on the victim's device; instead it searches for particular files such as images, Word documents, JAR files and many other important files, and then encrypts them. Once the encryption is done, it leaves a help note on the victim's desktop with instructions on how to get the encrypted files back. It supports two languages, English and Spanish; the default language is English. The lock screen has an option that lets the victim decrypt one of the encrypted files, to prove to the victim that the files can be retrieved if the ransom is paid. |