DLL Fixer leads to Cyrat Ransomware

Karsten Hahn writes about a new ransomware, Cyrat:

While hunting for new malware we often use Yara rules to find suspicious samples. One of my generic ransomware hunt rules found this new ransomware sample. At the time it had only 2 detections on Virustotal. The first submission date is 25. August 2020.


The malware disguises as DLL fixer 2.5 (see image below). Upon execution it will display a randomly created number of corrupted DLLs it pretends to have found on the system. After the system has been encrypted, a success message for fixing the DLLs is shown.

h/t, @campuscodi


About the author: Dissent

Comments are closed.