SecurityHome.eu Ransom:PHP/Ronggolawe.A

Home / malware PDF

Ransom:PHP/Ronggolawe.A

First posted on 29 August 2017.
Source: Microsoft
Aliases :
There are no other names known for Ransom:PHP/Ronggolawe.A.
Explanation :
This threat is an open-source ransomware that targets web servers. It encrypts files found in target servers.

When an attacker gains access to a target web server, this threat reconfigures the service by modifying the .htaccess file. It also installs a web interface for the attacker to use to encrypt and decrypt files.

This threat can be instructed by the attacker to enumerate directories and start encrypting files. It can also be configured to send email notifications about the encryption to the attacker.

Affected websites display variations of the following web page:

Analysis by Jireh Sanico
Last update 29 August 2017

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Ransom:PHP/Ronggolawe.A