Ransomware disguised as Windows Activator is emerging in the wild [source: 360totalsecurity]

by CIRT Team

Windows Activator has been a popular tool for attackers to spread Trojan viruses. Recently, 360 Security Center found a new kind of ransomware, which was spread by disguising as a Windows Activator. Through our precise analysis, we found this ransomware has a hidden configuration function, which can view and modify the key and prompt information used for encryption, and also obtain key decryption through this interface.

Virus Transmission

Trojans are bundled in the Windows Activator and spread through some foreign network disks. The ransomware first appeared on August 7th and has been spreading since then. Although the Trojan itself has been intercepted by security software, it is still being used by

Analysis
We selected one of the Trojan samples for analysis.

After the virus was started, it would be started again with parameters to implement different functions.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping