RotorCrypt is a dangerous and destructive malware. It is categorized as a Ransomware which is used to infect the computer and encrypt the files with a .mail extension. The RotorCrypt Ransomware infects systems through spam email messages that contain attached files of popular extensions such as .doc, .txt, .zip, .pdf, .jpeg etc.
The RotorCrypt Ransomware was first detected in 2016 and the cyber criminals have been updating and adding new .mail extensions to the ransomware. The latest version of the RotorCrypt Ransomware was released in June 2018 with!@#$%__PANAMA1@TUTAMAIL.com__%$#@.mail’ extension, !@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR extension and the!@!@!@_contact mail___boroznsalyuda@gmail.com___!@!@.psd .mail extension as the new additions.
RotorCrypt Ransomware – Threat Behavior
The RotorCrypt Ransomware infiltrates the system through spam email campaigns where the user receives mails which contain infectious attachments. These attachments are from popular file type extensions such as .doc, .txt, .zip, .pdf, .jpeg etc. that require ‘editing to be enabled’ in the software to open these file. Once the user enables editing the file then sends a command to hacker’s servers which then download the virus payload in the user’s system. These files may also be executable files which will download the virus payload on execution.
The main executable file of the RotorCrypt Ransomware makes changes to the important folders in the victim’s system. The folders that may undergo the changes are %AppData%, %Temp% and %Local%. The ransomware Virus uses windows command prompt and may delete the Shadow Volume copies and may disable system recovery.
Read Full Blog
The RotorCrypt Ransomware was first detected in 2016 and the cyber criminals have been updating and adding new .mail extensions to the ransomware. The latest version of the RotorCrypt Ransomware was released in June 2018 with!@#$%__PANAMA1@TUTAMAIL.com__%$#@.mail’ extension, !@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR extension and the!@!@!@_contact mail___boroznsalyuda@gmail.com___!@!@.psd .mail extension as the new additions.
RotorCrypt Ransomware – Threat Behavior
The RotorCrypt Ransomware infiltrates the system through spam email campaigns where the user receives mails which contain infectious attachments. These attachments are from popular file type extensions such as .doc, .txt, .zip, .pdf, .jpeg etc. that require ‘editing to be enabled’ in the software to open these file. Once the user enables editing the file then sends a command to hacker’s servers which then download the virus payload in the user’s system. These files may also be executable files which will download the virus payload on execution.
The main executable file of the RotorCrypt Ransomware makes changes to the important folders in the victim’s system. The folders that may undergo the changes are %AppData%, %Temp% and %Local%. The ransomware Virus uses windows command prompt and may delete the Shadow Volume copies and may disable system recovery.
Read Full Blog
No comments:
Post a Comment