
Trojan.Cryptolocker.Y


First posted on 19 August 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Cryptolocker.Y.

Explanation :

Once executed, the Trojan creates the following file:
%UserProfile%\Desktop\READ_IT.txt
Next, the Trojan encrypts files with the following file extensions:
.txt .doc .docx .xls .xlsx .ppt .pptx .odt .jpg .png .csv .sql .mdb .sln .php .asp .aspx .html .xml .psd
The Trojan appends the following string to the encrypted file names:
.locked
The Trojan then drops the following .txt file onto the desktop of the compromised computer:
%UserProfile%\Desktop\READ_IT.txt
The .txt file contains the following message:
Files has been encrypted with hidden tear
Send me some bitcoins or kebab
And I also hate night clubs, desserts, being drunk.

Next, the Trojan gathers the following information from the compromised computer:
Computer name
User name
Encryption key used to encrypt files
The Trojan then sends the gathered information to the following remote location:
www.utkusen.com
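
A triage check for the file-system indicators listed above, as an added example that is not part of the original write-up: it walks a directory tree and reports READ_IT.txt files in Desktop folders and files whose name is a targeted extension followed by .locked. The function names and the sample tree are constructed for illustration; unrelated *.locked files (such as application lock files) are deliberately ignored.

```python
import os
import sys
from pathlib import Path

# Extensions the write-up lists as targeted, the appended suffix, and the note name.
TARGET_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt",
               ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp",
               ".aspx", ".html", ".xml", ".psd"}
LOCKED_SUFFIX = ".locked"
NOTE_NAME = "read_it.txt"  # compared case-insensitively


def scan(root):
    """Walk root and return (ransom_notes, locked_files) as sorted path lists."""
    notes, locked = [], []
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        in_desktop = Path(dirpath).name.lower() == "desktop"
        for name in files:
            lower = name.lower()
            if in_desktop and lower == NOTE_NAME:
                notes.append(str(Path(dirpath) / name))
            elif lower.endswith(LOCKED_SUFFIX):
                # The original name is whatever precedes ".locked"; flag the file
                # only if that name ends in one of the targeted extensions.
                original_ext = Path(lower[:-len(LOCKED_SUFFIX)]).suffix
                if original_ext in TARGET_EXTS:
                    locked.append(str(Path(dirpath) / name))
    return sorted(notes), sorted(locked)


def build_sample_tree(base):
    """Create a constructed sample layout (empty files, not real malware output)."""
    desktop = Path(base) / "Users" / "alice" / "Desktop"
    docs = Path(base) / "Users" / "alice" / "Documents"
    for directory in (desktop, docs):
        directory.mkdir(parents=True)
    for path in (desktop / "READ_IT.txt", docs / "budget.xlsx.locked",
                 docs / "photo.JPG.locked", docs / "app.db.locked", docs / "notes.txt"):
        path.write_bytes(b"")
    return base


if __name__ == "__main__":
    found_notes, found_locked = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for hit in found_notes + found_locked:
        print(hit)
    sys.exit(1 if (found_notes or found_locked) else 0)
```

A non-zero exit status means at least one indicator was found, which makes the script usable from a fleet-wide sweep or a scheduled check.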

Last update 19 August 2015

 
