Ransom:MSIL/Paggalangrypt.A!rsm
First posted on 31 January 2018.
Source: Microsoft
Aliases :
There are no other names known for Ransom:MSIL/Paggalangrypt.A!rsm.
Explanation :
This ransomware creates the following registry entry so that it automatically starts with your PC:
In subkey: HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: WindowsEnc
With data:
It downloads a JPEG file, which it later uses as the ransom note, from the following location:
hxxps://image.ibb.co/kO6xZ6/insane_uriel_by_urielstock_4.jpg
File encryption
This ransomware searches for files to encrypt in all folders except the following:
- Windows
- Program Files
- Program Files (x86)
It encrypts files with the following extensions using AES encryption:
- .c
- .jpg
- .mp3
- .mp4
- .png
- .py
- .txt
It also renames encrypted files by adding the extension .enc. For example:
- file.png is renamed to file.png.enc
- file.txt is renamed to file.txt.enc
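A triage check built on the rename pattern and folder exclusions described above, added here as an example and not part of Microsoft's write-up: it lists files named `<name><targeted extension>.enc` under a root. The function names and the sample tree are constructed for illustration, and matching the excluded folder names case-insensitively at any depth is an assumption.

```python
import os
import tempfile
from pathlib import Path

# Values taken from the description above.
TARGET_EXTS = {".c", ".jpg", ".mp3", ".mp4", ".png", ".py", ".txt"}
SKIPPED_DIRS = {"windows", "program files", "program files (x86)"}
MARKER = ".enc"


def find_renamed_files(root):
    """Return sorted paths under root named <name><targeted ext>.enc."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Assumption: the excluded folders match by name, at any depth.
        dirnames[:] = [d for d in dirnames if d.lower() not in SKIPPED_DIRS]
        for name in filenames:
            suffixes = [s.lower() for s in Path(name).suffixes]
            # Require the .enc marker directly after a targeted extension.
            if (len(suffixes) >= 2 and suffixes[-1] == MARKER
                    and suffixes[-2] in TARGET_EXTS):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def build_sample_tree(base):
    """Create a constructed sample tree of empty files for the demo."""
    layout = [
        "Users/a/Documents/file.txt.enc",     # matches the pattern
        "Users/a/Documents/notes.txt",        # not renamed
        "Users/a/Pictures/file.png.enc",      # matches the pattern
        "Users/a/Pictures/archive.zip.enc",   # .zip is not a listed extension
        "Users/a/settings.enc",               # no targeted inner extension
        "Windows/System32/log.txt.enc",       # inside an excluded folder
    ]
    for rel in layout:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_renamed_files(tmp):
            print(hit)
```

A hit is only a lead, since other software also writes `.enc` files; confirm it against the WindowsEnc Run value described earlier.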
Ransom note
It sets the following image as the desktop wallpaper to display ransom information.
Last update 31 January 2018