![]() When this task is complete, the actual encryption begins. First, every drive is populated with the ransom note file (named RECOVERY INFORMATION.txt). If that drive is valid (fixed, removable or network), the encryption of the drive proceeds. Each drive is checked for the drive type by GetDriveType(). ![]() List of processes killed by the TargetCompany ransomwareĪfter these preparations, the ransomware gets the mask of all logical drives in the system using the GetLogicalDrives() Win32 API.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |