Detect Date 12/20/2019
Class Trojan-Ransom
Platform Win32

The malware of this family is distributed by attacks exploiting weak or stolen RDP credentials and malicious attachments in spam emails. Once in the system, it encrypts all user files with the AES (CryptoPP) encryption. After this the malware creates a file named ‘!!! READ THIS !!!.hta’, which describes what the victim should do.

Top 10 countries with most attacked users (% of total attacks)

  Country Percentage of users*
1 Russian Federation 78.57
2 Mexico 3.97
3 China 2.38
4 Colombia 2.38
5 Germany 1.98
6 Brazil 1.59
7 USA 1.59
8 Italy 1.19
9 Ukraine 0.79
10 Australia 0.40

* Percentage of all unique Kaspersky users worldwide who have been attacked by this malware

Find out the statistics of the threats spreading in your region