- Aug 6, 2015
A new ransomware called DetoxCrypto has been discovered by MalwareHunterTeam that is currently being distributed under two different variants. The first variant looks like a generic ransomware but contains the interesting feature of taking a screenshot of your active Windows screen when it is installed. The second variant is trying to take advantage of the immense popularity of PokemonGo, hoping to trick people into installing it.
This ransomware appears to be either part of an affiliate system or being sold on darkweb sites as we are seeing different variants, with different themes, email addresses, and features. For example, one variant has a Pokemon theme, while another has a more generic ransom note, but takes a picture of your active Windows screen when it is installed.
All variants will encrypt your data using AES encryption, stop MySQL and MSSQL services, display a ransom note/lock screen, and play an audio file while the lock screen is showing. In order to pay the ransom, victims are instructed to contact an email listed in the lock screen for payment instructions.
Read more: New DetoxCrypto Ransomware pretends to be PokemonGo or uploads a Picture of your Screen