![]() ![]() ![]() The text file has ransom instructions on how to contact the cyber-criminals in an anonymous manner: ![]() It also drops a README.txt file with numbers, for example README1.txt, README2.txt and so on. The victim’s ID is added as a sub-extension between the scrambled name and the original name of the ransomware and it is also alpha numerical with capitalized letters, for example:Īfter the damage is done, Windows 10 ransowmare changes the background of the infected computer to an image, looking the same as Shade Ransomware(see the picture at the beginning of this article). ![]() windows 10 file extension and is believed to scramble the names of the encrypted files, for example:ġ2dh2380d23248f397800x98dbx9g823f834fb3.windows10 The encryption algorithm which is believed to be used by Windows 10 ransomware is RSA cipher which is [very strong in bits. → Wb2, cdr, srw, p7b, odm, mdf, p7c, 3fr, der, odb, arw, rwl, cer, xlk, pdd, rw2, crt, dx, r3d, pem, bay, ptx, pfx, mdb, rtf, txt, xml, csv, pdf, prn, dif, slk, ods, xltx, xlm, odc, xlw, uxdc, pm, udl, dsn, iqy, dqy, oqy, cub, bak, frm, opt, myd, myi, db, onetoc2, one, onepkg, vcs, ics, pst, oft, msg, pptx, ppt, pptm, pps, ppsm, pot, potx, ptm, dwg, dxf, docx, doc, docm, dct, mef, cin, sdpx, dpx, fido, dae, dcm, dc3, dic, eps, kmz, iff, html, mht, mhtml, shtml, hta, htc, ssi, as, asr, xsl, xsd, dtd, xslt, rss, rdf, lbi, asa, ascx, asmx, config, cfm,cfml, cfc, tld, phtml, jsp, svg, svgz, rle, tga, cda, icb, wbm, wbmp, jpf, jpx, jp2, j2k, j2c, jpc, avi, mkv, movm, mp4, wmv, 3gp, mpg, mpeg, m4v, 7z, rar, tar, gz, bz2, wim, xz, c, h ,hpp, cpp, php, php3, php4, php5, py, pl, sln, js, json, inc, sql, java, class, ini Source: TrendMicro Similar to Shade ransomware, Windows 10 virus may look for the following types of files which it scrambles with a strong encryption: From there, the Windows 10 virus may choose a key from the server it has connected to and encrypt the files of the infected machine. As soon as its activated on the computer it has infected, Windows 10 ransomware may connect to the cyber-criminals’ command and control server which is masked using Tor networking. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |