Ransom:Win32/Pottieq.A
First posted on 11 February 2016.
Source: Microsoft
Aliases:
There are no other names known for Ransom:Win32/Pottieq.A.
Explanation:
Installation
Threats from this ransomware family can be installed from other malware.
It drops itself in the.
This threat also changes the following registry settings:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: ""
With data: "%startup folder%\.exe "
Payload
Encrypts your files
Some variants of this ransomware family can search all folders for files with the following extensions and then encrypt them. You might not be able to open the affected files:
.113 .csv .ldf .pdb .sna .1cd .db .m2v .pdf .spf .3gp .db3 .m3d .pef .sql .73b .dbf .max .pps .sr2 .7z .doc .mdb .ppsx .srf .a3d .docx .mkv .ppt .srw .abf .dt .mov .pptm .svg .abk .dwg .mp3 .pptx .swf .accdb .dxf .mp4 .prproj .tbl .accdt .emlx .mpeg .pst .tib .aep .erf .msg .ptx .tis .ai .fbf .nbd .pwm .txt .arj .fbk .nrw .pz3 .vob .as4 .fbw .nx1 .qic .wab .asm .fbx .odb .qif .wmv .asvx .fdb .odc .qt .wps .ate .flv .odp .r3d .wps .avi .gbk .ods .rar .x3f .bac .gho .ods .raw .xlr .bak .gzip .odt .rtf .xls .bck .iso .ofx .rwl .xlsb .bkf .iv2i .old .rx2 .xlsk .cdr .jpeg .ost .sbs .xlsm .cer .jpg .ots .sldasm .xlsx .cf .key .p12 .sldprt .xml .cpt .keyste .pab .sn1 .zip
Threats from this ransomware family can create the following file in or its subdirectories:
.bmp .exe
After the files are encrypted, the ransomware adds a new file by appending ".id-- " to the affected file extension.
For example:
- For file.png, a new file file.png.id-0000000000000–xxx@xxx.xxx is added
- file.bin is renamed to file.bin.id-0000000000000–xxx@xxx.xxx
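The following Python is an added example, not part of the original description: it walks a folder tree, finds files whose names carry the appended marker, and separates the "added" case (original still present) from the "renamed" case. The marker pattern (digits after `.id-`, a hyphen or en dash, then an e-mail-like string) is an assumption inferred from the two examples above; the function names and sample file names are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed marker shape, inferred from the two examples on this page:
# <original name>.id-<digits><hyphen or en dash><e-mail-like string>
MARKER = re.compile(
    r"^(?P<orig>.+)\.id-(?P<id>\d+)\s*[-\u2013]\s*"
    r"(?P<contact>[^\s@]+@[^\s@]+\.[^\s@]+)$"
)

def classify(name):
    """Return the parsed marker fields for a file name, or None."""
    m = MARKER.match(name)
    return m.groupdict() if m else None

def triage(root):
    """Walk root and list marker files, noting if the original still exists."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            info = classify(name)
            if info:
                info["path"] = os.path.join(dirpath, name)
                # True: marker file sits beside the original ("added" case).
                # False: only the marker file is left ("renamed" case).
                info["original_present"] = info["orig"] in present
                hits.append(info)
    return hits

def summarize(hits):
    """Counts a responder needs to scope the affected files."""
    return {
        "added": sum(h["original_present"] for h in hits),
        "renamed": sum(not h["original_present"] for h in hits),
        "by_ext": dict(Counter(os.path.splitext(h["orig"])[1].lower() for h in hits)),
        "contacts": sorted({h["contact"] for h in hits}),
    }

def demo():
    """Build a constructed sample tree and triage it."""
    names = ["report.docx.id-0000000000000-xxx@xxx.xxx", "photo.png",
             "photo.png.id-0000000000000-xxx@xxx.xxx", "notes.txt", "valid.id-card.txt"]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        for n in names:
            open(os.path.join(root, "sub", n), "w").close()
        return summarize(triage(root))
```

Files in the "renamed" group have no readable original left beside them, so they are the ones to prioritise when checking backups.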
The following page might also replace your on your screen:

Last update 11 February 2016