Welcome to the Virus Encyclopedia of Panda Security.
It is designed to affect mainly Russian speaking users and its main aim is to obtain financial gains. It locks the affected users' computer and in order to unlock it they are required to pay a certain sum of money. It spreads through the system drives, both mapped and removable.
|First detected on:||Aug. 26, 2009|
|Detection updated on:||Aug. 28, 2009|
Ransom.G is a worm designed to affect mainly Russian speaking users and whose main aim is to obtain financial gains.
In order to do so, it locks the affected users' computer and it will not be unlocked until they send an sms to a certain number in order to obtain some code that will unlock the computer.
Additionally, it ends several processes, like the Windows Registry Editor and the Task manager, which allows to view the processes that are being run.
Ransom.G spreads through the system drives, both mapped and removable, making copies of itself in them.
Ransom.G is easy to recognize, as it shows the following symptoms:
- It reaches the computer in a file which has the following icon:
- When the computer is started, it displays the following message in Russian, informing users that their computer will be locked until they send an sms to a certain number in order to obtain some code that will unlock the computer: