Ransomware disguised as Windows Activator is emerging in the wild [source: 360totalsecurity]

Windows Activator has long been a popular vehicle for attackers to spread Trojans. Recently, 360 Security Center found a new kind of ransomware that spreads by disguising itself as a Windows Activator. Our analysis found that this ransomware has a hidden configuration function, which can be used to view and modify the key and the prompt information used for encryption, and through which the decryption key can also be obtained.

Virus Transmission

The Trojans are bundled with the Windows Activator and spread through some foreign network disks. The ransomware first appeared on August 7th and has been spreading since then. Although the Trojan itself has been intercepted by security software, it is still being used by

We selected one of the Trojan samples for analysis.

Once started, the virus launched itself again with parameters to implement different functions.

