A security researcher has discovered a ransomware called Retis, which is a ransomware-type virus that secretly infiltrates the system. Shortly after executed, RETIS encrypts most saved data and adds filenames with the “.crypted” extension.
It is a .NET ransomware, so its source code can be easily viewed. When the malware executed it will first target the victim’s Desktop, Documents, and Pictures folder for encryption. After that, it will target the rest of the drives on the computer. Lastly, it will turn the Windows wallpaper as %APPDATA%\RANSOM.png, which is an installed resource in the executable. The executable also contains a second image resource of a mountain range, but it is not used.
The file extensions targeted by this ransomware are:
.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .png, .one, .pdf
The name of the ransomware is obtained from the string of text located in the windows console, it shows the string “Hack Lab by Retis”.
Retis ransomware shares several likenesses with dozens of other ransomware viruses such as Cyclone, Zlocker, and Skeleton.
Most ransomware is increased using spam emails, third-party software download sources, fake software updates, and trojans. Users are recommended to be careful, don’t open files (malicious attachments) received from suspicious email addresses – remove these emails without reading.
Latest posts by Unallocated Author (see all)
- The Digital Revolution: Ways to Drive Business Growth in the Private Education Sector - March 9, 2020
- Top Cybersecurity Trends In 2020 - February 20, 2020
- Microsoft Rolled Out Huge Patch Tuesday February With 99 Bug Fixes - February 14, 2020