SYMBOLCOMMON_NAMEaka. SYNONYMS
win.cryptopatronum (Back to overview)

CryptoPatronum

CryptoPatronum is a ransomware that encrypts user data through AES-256 (CBC) and it asks for BTC / ETH in order to get back the original files. In the ransom note there is not a title but only a reference to crsss.exe: its original file name. Once the files are encrypted, CryptoPatronum adds a .enc extension.

References
2020-01-25ID RansomwareAndrew Ivanov
@online{ivanov:20200125:cryptopatronum:4adacea, author = {Andrew Ivanov}, title = {{cryptopatronum ransomware}}, date = {2020-01-25}, organization = {ID Ransomware}, url = {https://id-ransomware.blogspot.com/2020/01/cryptopatronum-ransomware.html}, language = {Russian}, urldate = {2020-02-03} } cryptopatronum ransomware
CryptoPatronum

There is no Yara-Signature yet.