Once executed on the victim’s computer, the ransomware drops a file in the ApplicationData folder, while also dropping the ransom note in the targeted files’ folders. The malware also adds a series of registry keys, creates a unique ID and sends it to a remote location, after which it starts encrypting files using AES encryption.

Read full news article on SecurityWeek