Ransomware activities originating with Russia don't stop. Constantly looking for committing fraudulent business feeding the information located in the system.
In this case, it's another ransomware that is In-the-Wild, and its detection rate is very low.
When the malicious binary is executed, it causes an alleged error in IE.
Just create a plain text file called xFoLOOOSErs.txt with the following information:
And creates a registry key.
The number stored in this file corresponds to the telephone number the user must send an SMS to unlock the system. However, this is not the only number that uses the cyber criminal, and that also can display the following:
Furthermore, the number of activation may vary between:
File size: 71168 bytes
For any telephone numbers used by this variant of ransomware and above can use any of the following codes:
Maintain updated antivirus program.