Trojan-Ransom.Win32.Dcrtr

Class Trojan-Ransom
Platform Win32
Description

Malware in this family spreads by using different methods such as spam, email attachments, and compromised legitimate downloads. Once launched, the program starts encrypting files. It uses RSA to create the file encryption key, then encrypts user files by using this key and the AES_256_CBC cipher. The program does not encrypt system directories and files, the file with the ransom message, and the info.hta file.