[ad_1]
Computer security experts have described the new version of the Rakhni malware for Windows. Its loader itself decides how to handle the victim's computer: hidden encryption of currency, encrypting files and ransomware, or running a worm component and spreading to other machines on the local network.
The decision to load a cryptographer depends on the availability of the system. % AppData% Bitcoin folder. If it does, the boot loader downloads the encryptor. If there is no file and the computer has more than two logical processors, the minor will be downloaded. If this folder does not exist and only one logical processor is available on the computer, the boot loader continues to the ver component.
The virus spreads by using spam and throwing attachments. The executable file is disguised as a PDF file. After startup, an error is displayed, because of which the attachment could not be opened. Malware verifies the system for directories and files, disables the built-in "Windows Defender", installs the root certificate, and manages the selected activity type.
More information about Trojan-Ransom.Win32.Rakhni is available on the ""
Smartphones in the directory Onliner.by
Our channel in Telegram.
Quick communication with the editor: read the Onliner public chat and write us at Viber!
Source link
