TLDR:
- CryptoWire ransomware, built with the AutoIt scripting language, is spreading through phishing emails.
- The ransomware includes the decryption key within its code, making file recovery complex.
According to AhnLab security researchers, the ransomware installs itself in a common location to ensure persistence, schedules tasks to maintain its presence, and encrypts files on local networks. Encrypted files are renamed with the “.encrypted” extension, and a log file is saved on the desktop. The malware deletes shadow copies and demands a ransom for decryption. Users should exercise caution when opening unknown files and use anti-malware software for protection.
Recently, other threats like a Trojan downloader and ransomware have been detected, along with multiple IoCs that could identify malicious files. Immediate action is required to remove this malware and protect systems.
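
The behaviours attributed to CryptoWire above (scheduled-task persistence, shadow copy deletion, ".encrypted" renames, a file dropped on the desktop) can be correlated per host, as in this added example, which is not code from AhnLab or the original article. The event schema, the thresholds, and the use of `schtasks`, `vssadmin` and `wmic` as the matched utilities are assumptions, since the summary names no commands; all sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed telemetry (not from the report): (time, host, kind, detail).
EVENTS = [
    ("2024-01-01T09:00:00", "WS01", "process", r"schtasks.exe /create /tn ExampleTask /tr C:\example\sample.exe /sc onlogon"),
    ("2024-01-01T09:00:20", "WS01", "process", "vssadmin.exe delete shadows /all /quiet"),
    ("2024-01-01T09:00:31", "WS01", "file_rename", r"C:\Users\a\Documents\q1.xlsx.encrypted"),
    ("2024-01-01T09:00:32", "WS01", "file_rename", r"C:\Users\a\Documents\q2.xlsx.encrypted"),
    ("2024-01-01T09:00:33", "WS01", "file_rename", r"C:\Users\a\Pictures\scan.png.encrypted"),
    ("2024-01-01T09:01:00", "WS01", "file_create", r"C:\Users\a\Desktop\example.log"),
    # Benign host: an admin creates a task; one unrelated rename hours later.
    ("2024-01-01T09:05:00", "WS02", "process", "schtasks.exe /create /tn Backup /tr backup.cmd /sc daily"),
    ("2024-01-01T11:00:00", "WS02", "file_rename", r"C:\Users\b\notes.txt.encrypted"),
]

def classify(kind, detail):
    """Map one event to a behaviour tag from the article, or None."""
    d = detail.lower()
    if kind == "process" and "schtasks" in d and "/create" in d:
        return "scheduled_task"
    if kind == "process" and "delete" in d and (
            ("vssadmin" in d and "shadows" in d) or ("wmic" in d and "shadowcopy" in d)):
        return "shadow_copy_delete"  # assumed utilities; the article names none
    if kind == "file_rename" and d.endswith(".encrypted"):
        return "encrypted_rename"
    if kind == "file_create" and "\\desktop\\" in d:
        return "desktop_file"        # weak signal on its own; the log name is unknown
    return None

def detect(events, window=timedelta(minutes=10), min_renames=3, min_behaviours=3):
    """Return {host: behaviours} where enough distinct behaviours share one window."""
    hits = defaultdict(list)
    for ts, host, kind, detail in events:
        tag = classify(kind, detail)
        if tag:
            hits[host].append((datetime.fromisoformat(ts), tag))
    alerts = {}
    for host, tagged in hits.items():
        tagged.sort()
        for start, _ in tagged:
            counts = Counter(t for when, t in tagged if start <= when <= start + window)
            if counts["encrypted_rename"] < min_renames:
                counts.pop("encrypted_rename", None)  # a lone rename is not a burst
            if len(counts) >= min_behaviours:
                alerts[host] = sorted(counts)
                break
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Requiring several distinct behaviours inside one window keeps routine administration, such as a single scheduled task, from raising an alert by itself.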