Security researcher, Michael Gillespie and Bleeping Computer was the first to discover the suspicious ransomware that appeared on Windows phones. While, the ransomware is currently under development; it is only gearing up for a larger distribution campaign.
The ransomware is being distributed as PokemonGo.exe file under the disguise of the Pikachu icon. Clicking the ransomware’s EXE starts the encryption process. After the encryption, the ransomware automatically adds a registry key that hides an account named ‘Hack3r.’ It copies itself on to all fixed and removable drives to ensure its survival.
Researchers say this ransomware is based under the Hidden Tear project, an open-sourced ransomware released last year that contains an encryption backdoor. This version is only available in Arabic, for the time being and researchers are confident that this is only being tested. A bigger, more-planned attack will be initiated with time.
Users fallen victim to this attack are advised not the pay the ransom and contact Bleeping Computer or Michael Gillespie to get to know about the availability of a free decrypter.
