The discovered malware appears to be new, since it has no links to any other known ransomware family.
The cybercriminals pack it with UPX, an open-source executable packer known for supporting multiple file formats.
The exact method used to distribute the ransomware remains unknown, but delivery is mainly done via email. Upon entering the victim's system, the malware checks the Recycle Bin and empties it.
It then corrupts the backups, disables the Windows Error Recovery service, and executes commands that destroy the user's ability to recover data after encryption.
Once these services are disabled, it starts the encryption process using the AES and RSA algorithms.
The ransomware encrypts files such as photos and images, databases, documents, videos and other files on the device.
Once the encryption is complete, a "PXJ" extension is appended to the encrypted files and a file named "LOOK.txt", containing the ransom note addressed to the victim, is placed on the device.
Infected users can contact the attackers via email only and are asked to pay a bitcoin ransom to get their files back.
The attackers also demand that victims pay the ransom immediately; otherwise the amount doubles after three days and the decryption key is destroyed.
Investigators also noticed a file named "Res.AAABANIx93RdufO4", present in both old and new samples of the ransomware. The ransom note tells the victim not to delete this file, which leads to the conclusion that it may be used in the decryption process.
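As an added defender-side example (not code from the original article or from the researchers), the following Python script walks a directory tree and collects the three artifacts described above: files carrying the "PXJ" extension, the "LOOK.txt" ransom note, and the "Res.AAABANIx93RdufO4" file, which it hashes as evidence rather than deleting. The sample tree it builds is constructed for the demo, and names such as `triage_pxj` are the example's own.

```python
import hashlib
import os
import tempfile

# Indicators taken from the description above (matched case-insensitively).
PXJ_EXTENSION = ".pxj"                  # appended to every encrypted file
RANSOM_NOTE_NAME = "look.txt"           # ransom note placed on the device
RES_FILE_NAME = "res.aaabanix93rdufo4"  # file the note tells victims not to delete

def sha256_of(path: str) -> str:
    """Hash the file in chunks; the file is only read, never modified."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage_pxj(root: str) -> dict:
    """Walk `root` and collect the three PXJ artifacts named in the report."""
    report = {"encrypted_files": [], "ransom_notes": [], "res_files": {}}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(PXJ_EXTENSION):
                report["encrypted_files"].append(path)
            elif lower == RANSOM_NOTE_NAME:
                report["ransom_notes"].append(path)
            elif lower == RES_FILE_NAME:
                # Hash it as evidence but leave it in place: the note warns it
                # must not be deleted, so it may be needed for decryption.
                report["res_files"][path] = sha256_of(path)
    report["infected"] = bool(report["encrypted_files"] or report["ransom_notes"]
                              or report["res_files"])
    return report

def build_sample_tree() -> str:
    """Create a constructed (fake) post-infection tree for a demo run."""
    root = tempfile.mkdtemp(prefix="pxj_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.PXJ", "photo.jpg.PXJ", "LOOK.txt", "notes.txt"):
        with open(os.path.join(docs, name), "w") as f:
            f.write("constructed sample content\n")
    with open(os.path.join(root, "Res.AAABANIx93RdufO4"), "wb") as f:
        f.write(b"constructed-placeholder-blob")
    return root
```

Run `triage_pxj(build_sample_tree())` to see the report for the constructed tree; point it at a real mount only after the disk has been imaged, since it reads files but should not be the first thing touching evidence.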
Ransomware has turned into a highly profitable criminal business around the world, one that is constantly evolving and generating millions of dollars for its creators.