Ransom:Win64/Braincrypt.A
First posted on 01 March 2017.
Source: Microsoft
Aliases :
There are no other names known for Ransom:Win64/Braincrypt.A.
Explanation :
This ransomware encrypts files and uses .braincrypt as file name extension for encrypted files.
It leaves a ransom note with the following filename:
!!! how to decrypt files !!!.txt
The ransom note contains the following text:
YOUR FILES WERE ENCRYPTED.
TO DECRYPT FILES, PLEASE, CONTACT US WRITING ON THIS EMAIL: headlessbuild@india.com
YOUR PERSONAL ID:
This ransomware is developed using the Go programming language.
It connects to a certain URL, likely controlled by the attacker, using a specific Go user-agent:
URL: hxxp:// alex-luthor. myjino .ru/ htdocs/gateway/gate.php?uuid=
User-agent: Go-http-client/1.1
The ransomware presumably makes this connection to report that your computer has been compromised. However, the URL was inaccessible during analysis.
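The network indicators above can be matched against proxy logs. The following is an added example, not part of the original analysis: the log layout, the function names, the verdict labels and the sample lines are all assumptions made for illustration. Because Go-http-client/1.1 is the default agent string of Go's standard HTTP client, the user-agent is treated as a weak signal and only raises an alert when combined with the gate path.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators from the write-up above. The host is kept defanged and refanged here.
C2_HOST = "alex-luthor[.]myjino[.]ru".replace("[.]", ".")
C2_PATH = "/htdocs/gateway/gate.php"
GO_UA = "Go-http-client/1.1"  # Go's default net/http agent: weak on its own

# Assumed (constructed) proxy log layout: client "METHOD url" status "user-agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (client, verdict, reasons) for one log line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    url = urlsplit(m["url"])
    reasons = []
    if (url.hostname or "").lower() == C2_HOST:
        reasons.append("host")
    # keep_blank_values: the URL on the page ends in "uuid=" with no value shown
    if url.path.lower() == C2_PATH and "uuid" in parse_qs(url.query, keep_blank_values=True):
        reasons.append("gate-uuid")
    if m["ua"] == GO_UA:
        reasons.append("go-ua")
    # Heuristic (assumption): the host alone is decisive; the gate path together
    # with the Go agent also alerts, in case the same gate appears on another host.
    if "host" in reasons or {"gate-uuid", "go-ua"} <= set(reasons):
        verdict = "alert"
    else:
        verdict = "weak" if reasons else "none"
    return m["client"], verdict, reasons

def triage(lines):
    """Classify every parsable line and drop the ones with no indicator."""
    results = (classify(l) for l in lines)
    return [r for r in results if r and r[1] != "none"]

# Constructed sample traffic (RFC 1918 clients, example.* hosts), not captured logs.
SAMPLE_LOG = [
    f'10.0.0.5 "GET http://{C2_HOST}{C2_PATH}?uuid=CONSTRUCTED-ID" 503 "{GO_UA}"',
    f'10.0.0.7 "GET http://example.com/api/v1/status" 200 "{GO_UA}"',
    f'10.0.0.9 "GET http://example.org{C2_PATH}?uuid=" 200 "{GO_UA}"',
    '10.0.0.11 "GET http://example.net/index.html" 200 "Mozilla/5.0"',
    'malformed line without the expected fields',
]

if __name__ == "__main__":
    for client, verdict, reasons in triage(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{','.join(reasons)}")
```

On the host side, the .braincrypt extension and the ransom note filename given above remain the more reliable indicators, since the URL was already unreachable at analysis time.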
Analysis by Francis Tan Seng
Last update 01 March 2017