Posts tagged CryptoJoker

CryptoJoker targets Windows and spreads via spam and phishing campaigns. It infects systems by disguising its installation file as a PDF. Once the executable is launched, it maintains persistence, contacts its C2 server, terminates various processes, deletes Volume Shadow Copies, disables Windows startup repair, scans all mapped drives, and encrypts files using AES-256 encryption. Once encrypted, affected files carry the .crjoker extension.
