Trojan-Ransom.Win32.Cryptodef

Detect Date 04/18/2016
Class Trojan-Ransom
Platform Win32
Description

This family of ransomware consists of the Cryptowall Trojan. Most infections by this family to date have occurred in the USA.

Cryptowall is spread in malicious spam messages. The messages contain archives with malicious script files written in JavaScript. If the user runs the script, Cryptowall infects the computer. The script runs a downloaded program that encrypts files on the user’s computer, locks the operating system welcome screen, and displays a message that the user must pay money to the attacker in order to regain access to the files. The message mocks victims by congratulating them for becoming “a part of large community CryptoWall”.

Geographical distribution of attacks by the Trojan-Ransom.Win32.Cryptodef family

Geographical distribution of attacks during the period from 18 April 2015 to 18 April 2016

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 USA 9.89
2 Russian Federation 7.88
3 India 6.21
4 Germany 4.67
5 Vietnam 3.95
6 France 3.66
7 Italy 3.46
8 Spain 3.41
9 Turkey 3.10
10 Brazil 2.77

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware