Malware in this family is distributed in various ways, such as attacks exploiting weak or stolen RDP credentials, and malicious attachments in spam email messages. After the malware is launched, it tries to stop some processes and turn off anti-malware software. After this step, it encrypts almost all files on all logical drives by using the AES cipher.
Top 10 countries with most attacked users (% of total attacks)
* Percentage of all unique Kaspersky users worldwide who have been attacked by this malware