Strange Ransomeware Only Targets Specfic Drives
The AnteFrigus ransomware is a peculiar piece of software that does not act like expected. Insteadd of encrypting the C:/ drive of a computer which would usually contain important user documents, it targets storage devices with other drive letters. It also has an extensive list of whitelisted extensions that it will not decrypt such as .dll, .msi, .ico and .bin. It’s possible that this technique is used to target network shares that may contain important business information, but this is unknown. It takes advantage of a RIG exploit in Internet Explorer to do its business.
You must be logged in to reply to this topic.