Python/Encoder.CK!tr.ransom

description-logoAnalysis

Python/Encoder.CK!tr.ransom is a generic detection for a Ransomware Encoder trojan. Since this is a generic detection, this malware may have varying behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware may drop any of the following file(s):
    • %AllUsersProfile%\Public\AdobeAAMUpdater.exe : This file is a copy of W32/Encoder.CK!tr.ransom.
  • This Ransomware was not observed to leave ransom notes.
  • This Ransomware attempts to find the taskbar and encrypts the shortcuts within it.
  • Affected files of this Ransomware will use the filenaming format OriginalFilename.rain in which the original file extension is replaced.
  • This Ransomware was observed to infect files with the following extensions:
    • .doc
    • .lnk
    • .pdf
    • .png
    • .pptx
    • .html
    • .xls
    • .txt

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2019-08-13 70.68900 Sig Updated
2019-07-18 70.07100 Sig Updated