11/10/2022

Open wpe pro

Screenshot of files encrypted by Iisa virus (‘.iisa’ file extension)

Iisa ransomware is new malware that encrypts files on the victim’s computer and demands a ransom payment to restore access to the contents of these files. It targets users running Microsoft Windows. In most cases, this malware requires user action in order to be installed on the computer. Typically, criminals use various tricks, for example, disguising the malicious software as freeware, cracks, activators and key generators, so that victims download and run Iisa virus on their computer.

Upon infecting a computer, the Iisa ransomware performs the following steps as part of its preparation for encrypting files: creates a folder in the Windows system directory and copies itself to it; adds itself to the list of programs that start up every time the computer is turned on; collects information about the victim’s computer; establishes a connection with its command server (C&C).

If Iisa was able to establish a connection with the C&C server, it sends some information about the victim’s computer to the server, and the server returns a key that must be used to encrypt files. Such a key is called an ‘online key’ and it is unique for each case of ransomware infection. If a connection to the C&C server has not been established, the ransomware uses a fixed key (the so-called ‘offline key’), which is unique for each version of STOP (djvu) ransomware, but the same for each case of Iisa infection.

Having determined which key to use, Iisa ransomware virus goes to the main thing: it starts the file encryption process. Of course, it does not encrypt absolutely all files, since encryption of the Windows system files will cause the computer to stop working. Therefore, the ransomware does not encrypt files located in the system directory of Windows, as well as files with the following extensions: ‘.sys. In addition, Iisa virus does not encrypt files named ‘_readme.txt’. All other files will become the target of the malware, for example, the following file types can be encrypted: orf

All encrypted files become completely useless; their contents cannot be read in any way. To clearly show that the files are encrypted, the ransomware virus appends a new ‘.iisa’ extension at the end of the filename of each encrypted file. This means the following: if the file had the name ‘photo-image.jpg’, then after it has been encrypted, it will be called ‘’.