Home / malware Trojan.Ransomcrypt.G
First posted on 04 March 2014.
Source: SymantecAliases :
There are no other names known for Trojan.Ransomcrypt.G.
Explanation :
This Trojan must be manually installed.
The Trojan encrypts the first 25 percent of all files with the following extensions and adds an .OMG! extension to the file name:
.0??.1cd.3fr.3gp.7z.?ar.abk.accdb.adf.ai.arc.arj.arw.ashbak.ashdisk.avi.ba?.backup.bk?.bmp.bup.cdr.cdx.cer.cf.cfu.cr?.cs?.da?.dbf.dcr.der.dic.divx.djvu.dng.doc.doc?.dt.dwg.dx?.e?f.efd.eps.er?.fbw.fh.flv.frp.gh?.gif.gzip.hbi.hdb.htm.html.ifo.img.indd.iso.iv2i.jpeg.jpg.kdc.key.kwm.ld?.m2v.max.md.md?.mef.mkv.mov.mp4.mpeg.mpg.mrw.nba.ndf.nef.nr?.od?.ol?.one.orf.p12.p7?.pb?.pd?.pef.pem.pfx.png.pps.pps?.ppt.ppt?.psd.pst.ptx.pwm.qbw.r??.sco.sef.sk.sr2.srf.srw.tbk.tc.tib.tif.tmd.txt.v?.v??.v???.wb2.wbb.wim.wmv.wpd.wps.x3f.xl?.xls?.xml.z?.z??.z???
Note: The Trojan avoids files inside %Windows%.
The Trojan drops the following file inside any folder containing a file encrypted by the Trojan:
how to get data.txt
The Trogan opens 'how to get data.txt' in Notepad and displays the following:
The Trojan deletes itself once it finishes executing.Last update 04 March 2014