Class: Trojan-Ransom
This type of Trojan modifies data on the victim computer so that the victim can no longer use the data, or it prevents the computer from running correctly. Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cyber criminal will send a program to the victim to restore the data or restore the computer’s performance.Read more
Platform: PHP
No platform descriptionFamily: WLock
No family descriptionExamples
3B887C6A7976E4D2FF6644C6F3552574DBE9B01FE4C432ED8D45F1CBA8EA4B11
20FC3199230E513943B9E173FB964D17
D34FD4FD783A54F483B24A7FA4612EAA
765A162D7F7C963EB9DFE0040270E2D2
Tactics and Techniques: Mitre*
Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when OS Credential Dumping efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.
Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when OS Credential Dumping efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.