Smrss32 targets Windows OS and is distributed manually via Remote Desktop Protocol (RDP). Smrss32 identifies itself as CryptoWall, although it is not as sophisticated. Smrss32 is named after its executable file, smrss32.exe, and targets 6,674 file extensions. It uses an AES symmetrical encryption algorithm and appends .encrypted to encrypted file names. Smrss32 demands a ransom payment of 1 Bitcoin.

UPDATE: 8/26/2016: Smrss32 is now being distributed via email containing malicious attachments masquerading as news about the US election.

  • Softpedia provides more information about Smrss32 here.
  • Victims impacted by Smrss32 can contact security researchers on the Bleeping Computer forum here for possible free file decryption.

One example of the Smrss32 variant. Image Source: Bleeping Computer