A newly detected Ransomware called Retis

  • 486
  •  
  •  
  • 1
  •  
  •  
  •  
    487
    Shares

A security researcher has discovered a ransomware called Retis,  which is a ransomware-type virus that secretly infiltrates the system. Shortly after executed, RETIS encrypts most saved data and adds filenames with the “.crypted” extension.

It is a .NET ransomware, so its source code can be easily viewed. When the malware executed it will first target the victim’s Desktop, Documents, and Pictures folder for encryption. After that, it will target the rest of the drives on the computer. Lastly, it will turn the Windows wallpaper as %APPDATA%\RANSOM.png, which is an installed resource in the executable. The executable also contains a second image resource of a mountain range, but it is not used.

The file extensions targeted by this ransomware are:

.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .png, .one, .pdf

The name of the ransomware is obtained from the string of text located in the windows console, it shows the string “Hack Lab by Retis”.

Retis ransomware shares several likenesses with dozens of other ransomware viruses such as Cyclone, Zlocker, and Skeleton.

Most ransomware is increased using spam emails, third-party software download sources, fake software updates, and trojans. Users are recommended to be careful, don’t open files (malicious attachments) received from suspicious email addresses – remove these emails without reading.

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!