Ransomware

Create a staging directory and generate a cryto key there. Discover the directories inside a user's home folder then safely encrypt all files inside the directories using the generated key. Compress the staging directory to prepare the crypto key for exfiltration and open a ransom note on the system.

Execute this chain

Download Operator (1.7.0)
Learn about Operator

TTPs

List directories in current users home folder
Create a staging directory
Create a crypto key
Archive exfiltration directory
Recursively encrypt a directory
Remove ransomed files from disk
Leave encrypted data recovery note

Tags

wizard spider, kaseya vsa attack, ransomware