App Review CryptOLOcker Ransomware - Demonstration of attack

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

GrujaRS

Aug 7, 2016
Ransom note: HOW_TO_RESTORE_FILES.html.
 

I assume Kaspersky would still have taken care of this ransom if it didn't have sigs for it and rolled back encryption, right? If "System Watcher" was enabled and, before encryption takes place, file copies were created with "Kaspersky Cryptomalware Countermeasures Subsystem" technology like shown in this video?
 
It would be interesting to test with this ransom.
 
There are "too many" steps to not get suspicious. You must first allow the PDF to download the doc, then the file must run it, then enable editing and then authorize the macro execution ...
Sooner or later I expect some malware that says to dip the notebook in a bucket of water. And I expect that someone will do it. :( ;) :D