The malware of this family is distributed by attacks exploiting weak or stolen RDP credentials and malicious attachments in spam emails. Once in the system, it encrypts all user files with the AES (CryptoPP) encryption. After this the malware creates a file named ‘!!! READ THIS !!!.hta’, which describes what the victim should do.
Top 10 countries with most attacked users (% of total attacks)
* Percentage of all unique Kaspersky users worldwide who have been attacked by this malware