Malware News New Ransomware using DiskCryptor With Custom Ransom Message

LASER_oneXM

A new ransomware has been discovered that installs DiskCryptor on the infected computer and reboots your computer. On reboot, victims will be greeted with a custom ransom note that explains that their disk has been encrypted and how to pay the ransom.

DiskCryptor is an encryption program that encrypts the whole disk and then prompts the user to enter a password on reboot. This password prompt occurs before Windows even starts and a user must enter the password to decrypt the drive and start the computer's normal boot process.

Discovered by MalwareHunterTeam, this ransomware is being run manually or called by another script as it requires an argument to be passed to the program, which is used as the password for DiskCryptor. It is also possible that the attackers are hacking into Remote Desktop Services and installing the ransomware manually.

During the installation process, a log file will be created at C:\Users\Public\myLog.txt that shows the current stage of the encryption process.
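
For defenders, the log path named above is a file-creation indicator that can be searched for in endpoint telemetry. The following is an added example, not part of the original post or the article it quotes: the event format, host names and timestamps are constructed, and expanding `%PUBLIC%` to `C:\Users\Public` assumes the default profile location.

```python
import ntpath
import re

# Path taken from the post above; everything else in this block is constructed.
INDICATOR = r"C:\Users\Public\myLog.txt"

def normalize(path):
    """Reduce the spellings a Windows path can take in telemetry to one form."""
    p = path.strip().strip('"')
    # Assumption: %PUBLIC% points at the default C:\Users\Public.
    p = re.sub(r"%public%", lambda m: r"C:\Users\Public", p, flags=re.I)
    if p.startswith("\\\\?\\"):  # drop the extended-length prefix \\?\
        p = p[4:]
    # normpath unifies slashes and removes "." segments; NTFS is case-insensitive.
    return ntpath.normpath(p).casefold()

def hosts_with_indicator(events):
    """Return {host: earliest timestamp} for file-create events on the log path."""
    wanted = normalize(INDICATOR)
    hits = {}
    for ev in events:
        if ev.get("action") != "file_create":
            continue
        if normalize(ev.get("target", "")) == wanted:
            host, ts = ev["host"], ev["time"]
            # ISO-8601 UTC strings of equal format sort chronologically.
            if host not in hits or ts < hits[host]:
                hits[host] = ts
    return hits

# Constructed events in a hypothetical endpoint-telemetry export.
SAMPLE_EVENTS = [
    {"host": "FS01", "time": "2024-01-01T02:14:09Z", "action": "file_create",
     "target": r"c:\users\public\MYLOG.TXT"},
    {"host": "FS01", "time": "2024-01-01T02:13:51Z", "action": "file_create",
     "target": r"\\?\C:\Users\Public\myLog.txt"},
    {"host": "WS17", "time": "2024-01-01T03:00:00Z", "action": "file_create",
     "target": r"C:\Users\Public\Documents\myLog.txt"},  # different folder
    {"host": "WS22", "time": "2024-01-01T03:05:00Z", "action": "file_create",
     "target": "C:/Users/Public/./myLog.txt"},
    {"host": "WS30", "time": "2024-01-01T03:10:00Z", "action": "file_delete",
     "target": r"C:\Users\Public\myLog.txt"},  # not a creation event
    {"host": "DB02", "time": "2024-01-01T03:15:00Z", "action": "file_create",
     "target": r"%PUBLIC%\mylog.txt"},
]

if __name__ == "__main__":
    for host, ts in sorted(hosts_with_indicator(SAMPLE_EVENTS).items()):
        print(f"{host}: {INDICATOR} first created {ts}")
```
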
 

ChemicalB

This ransomware seems to be "home made" and a little creaky, using a third-party tool for encryption, but well... this doesn't mean it is less dangerous.
 