A new ransomware has been floating around for the past few weeks, and only now have we been able to find information on it.
Dubbed Smrss32 based on internal project settings of the malware, this ransomware encrypts files with AES and appends the extension ".encrypted" (which is also used by several other ransomwares). The ransom note "_HOW_TO_Decrypt.bmp" is dropped in every folder that is hit, and will look like the following image, asking the victim to contact the criminals at firstname.lastname@example.org, among other email addresses.
Among the large wall of text, it does try to call itself "CryptoWall Software", but it is in no way nearly as sophisticated as the real thing.
Based on the way this ransomware behaves, and the project file associated with it, it is assumed this variant is spread via manual RDP hacks into a system.
I do not recommend paying the ransom at this time.
If you have been hit by this ransomware, please post 2-3 different well-known encrypted files here (e.g. .png, .doc, .docx, .xls, .xlsx, .pdf, or .zip), and we will contact you via PM with a key and decrypter.
Edited by Demonslay335, 22 August 2016 - 02:36 PM.
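To scope an affected machine using the indicators named in the post (the `_HOW_TO_Decrypt.bmp` note and the `.encrypted` extension) and shortlist files of the requested types, a short triage script helps. This is an added example, not part of the original post or any tool from its author; the function names and the demo directory tree are constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "_HOW_TO_Decrypt.bmp"   # ransom note name given in the post
ENC_EXT = ".encrypted"              # appended extension given in the post
SAMPLE_TYPES = {".png", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".zip"}  # types requested

def original_ext(name):
    """Extension the file had before ".encrypted" was appended."""
    return os.path.splitext(name[:-len(ENC_EXT)])[1].lower()

def triage(root):
    """Walk root; return (folders holding the note, encrypted files, sample candidates)."""
    hit_dirs, encrypted, samples = [], [], []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic walk order
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if has_note:
            hit_dirs.append(dirpath)
        for f in sorted(f for f in files if f.lower().endswith(ENC_EXT)):
            encrypted.append(os.path.join(dirpath, f))
            # ".encrypted" is shared with other families: require the note too
            if has_note and original_ext(f) in SAMPLE_TYPES:
                samples.append(encrypted[-1])
    return hit_dirs, encrypted, samples

def pick_samples(samples, count=3):
    """Pick up to `count` candidates, one per original file type."""
    chosen, seen = [], set()
    for path in samples:
        if len(chosen) < count and original_ext(path) not in seen:
            seen.add(original_ext(path))
            chosen.append(path)
    return chosen

def build_demo_tree():
    """Constructed sample tree (empty files, not real victim data) for an offline run."""
    root = tempfile.mkdtemp()
    for rel in ("docs/" + NOTE_NAME, "docs/report.docx.encrypted", "docs/budget.xlsx.encrypted",
                "docs/notes.txt.encrypted", "pics/" + NOTE_NAME, "pics/logo.png.encrypted",
                "other/backup.zip.encrypted", "clean/readme.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root

if __name__ == "__main__":
    dirs, enc, samples = triage(build_demo_tree())
    print(len(dirs), "folders with note,", len(enc), "encrypted files")
    print("samples to submit:", pick_samples(samples))
```

Run it against a copy or read-only mount of the affected volume; it only lists files and does not modify anything under the scanned path.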