TROJ_POSHCODER.A ransomware uses Windows PowerShell features

  • 5 June 2014
by paganinip on June 5th, 2014
 
Just when we think we have removed a threat like Cryptolocker for a little while, another comes along; although not as bad, it is still ransomware. In 2013 ransomware attacks rocketed by 500%, and not just that: with Cryptolocker they turned just plain bad.
"The experts recently encountered a variant, dubbed TROJ_POSHCODER.A, that uses the Windows PowerShell feature to encrypt victims' files with the Advanced Encryption Standard (AES). Bad actors use Windows PowerShell to implement detection avoidance techniques; however, once the use of PowerShell was discovered, decrypting and analyzing this malware was not too difficult.
“Since it uses PowerShell, TROJ_POSHCODER.A is script-based, which is not common for ransomware. It uses AES to encrypt the files, and RSA-4096 public key cryptography to exchange the AES key. When executed, it adds registry entries, encrypts files, and renames them to (unknown).POSHCODER. It also drops UNLOCKYOURFILES.html into every folder. Once all files on the infected system are encrypted, it displays the following image.”"
 

Full Article
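As an added example (not code from the article, Trend Micro or the malware), the scanner below walks a directory tree for the two file artifacts the quoted text names, the `.POSHCODER` extension on renamed files and the `UNLOCKYOURFILES.html` note, so an analyst can scope which folders were hit. The scanning logic and the constructed sample tree are illustrations; only the two artifact names come from the page.

```python
"""Triage helper for TROJ_POSHCODER.A file artifacts (added example)."""
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".POSHCODER"           # appended to encrypted files (from the page)
RANSOM_NOTE = "UNLOCKYOURFILES.html"   # dropped into every folder (from the page)


def scan_tree(root):
    """Walk `root` and report POSHCODER indicators.

    Returns the renamed files with their recovered original names, the
    folders holding a ransom note, a per-folder count of encrypted files
    so heavily hit directories stand out, and note-only folders for review.
    """
    encrypted, notes, per_folder = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == RANSOM_NOTE:
                notes.append(dirpath)
            elif name.endswith(ENCRYPTED_EXT):
                original = name[:-len(ENCRYPTED_EXT)]   # strip appended extension
                encrypted.append((os.path.join(dirpath, name), original))
                per_folder[dirpath] += 1
    # A note without renamed files is still a sign the folder was visited.
    note_only = sorted(d for d in notes if per_folder[d] == 0)
    return {
        "encrypted": encrypted,
        "note_folders": sorted(notes),
        "per_folder": dict(per_folder),
        "notes_without_encrypted_files": note_only,
        "infected": bool(encrypted or notes),
    }


def build_sample_tree():
    """Constructed sample tree mimicking an infected share; not real data."""
    root = tempfile.mkdtemp(prefix="poshcoder_demo_")
    docs, empty = os.path.join(root, "Documents"), os.path.join(root, "Empty")
    os.makedirs(docs)
    os.makedirs(empty)
    for name in ("budget.xlsx.POSHCODER", "notes.txt.POSHCODER", RANSOM_NOTE):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(empty, RANSOM_NOTE), "w").close()   # note but no encrypted files
    open(os.path.join(root, "readme.txt"), "w").close()   # untouched file
    return root


if __name__ == "__main__":
    report = scan_tree(build_sample_tree())
    for path, original in report["encrypted"]:
        print(f"{path}  (original name: {original})")
    print("ransom notes in:", report["note_folders"])
```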
