MSIL/Filecoder.PL!tr.ransom
Analysis
MSIL/Filecoder.PL!tr.ransom is a detection for a ransomware Filecoder trojan, possibly targeting French users.
Below are some of its observed characteristics/behaviours:
- This malware may drop any of the following file(s):
  - %UserProfile%\readme.txt : This text file serves as the ransom note.
- Files affected by this ransomware use the file-naming format {OriginalFilename.Ext}.enc.
- This ransomware encrypts files with the following file extensions:
  - .txt
  - .doc
  - .docx
  - .xls
  - .xlsx
  - .ppt
  - .pptx
  - .odt
  - .jpg
  - .png
  - .csv
  - .sql
  - .mdb
  - .sln
  - .php
  - .asp
  - .aspx
  - .html
  - .xml
  - .psd
  - .odt
  - .swp
- Below is an illustration of the malware's ransom note:
  - Figure 1: Ransom note.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
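
To scope the restore step, the naming format and extension list above can be turned into a triage scan. The script below is an added example, not Fortinet tooling; the function names, the report layout and the check for a surviving original beside the `.enc` copy are assumptions made for illustration.

```python
import os
import sys
from pathlib import Path

# Extensions the write-up lists as encryption targets.
TARGET_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt",
               ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp",
               ".aspx", ".html", ".xml", ".psd", ".swp"}

def original_name(path):
    """Return the pre-encryption file name if `path` fits the
    {OriginalFilename.Ext}.enc pattern for a listed extension, else None."""
    p = Path(path)
    if p.suffix.lower() != ".enc":
        return None
    inner = Path(p.stem)  # name with the trailing .enc removed
    if inner.suffix.lower() in TARGET_EXTS and inner.stem:
        return inner.name
    return None

def triage(root, profile=None):
    """Walk `root` and report files to restore from backup, originals that
    still exist beside an .enc copy, and whether the ransom note is present."""
    root = Path(root)
    profile = Path(profile) if profile else root
    report = {"note_present": (profile / "readme.txt").is_file(),
              "restore": [], "original_survives": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        names = set(files)
        for name in sorted(files):
            orig = original_name(name)
            if orig is None:
                continue
            rel = str((Path(dirpath) / name).relative_to(root))
            report["restore"].append(rel)
            if orig in names:  # plaintext still on disk next to the .enc file
                report["original_survives"].append(rel)
    report["restore"].sort()
    return report

if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expandvars("%UserProfile%")
    result = triage(start)
    print("ransom note (readme.txt) present:", result["note_present"])
    for rel in result["restore"]:
        flag = " (original also present)" if rel in result["original_survives"] else ""
        print("restore from backup:", rel + flag)
```

Both `.enc` and `readme.txt` are common names in benign software, so treat hits as a list to check against the AV detection and backup inventory, not as proof of infection.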
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |