Posts tagged Rokku

Rokku targets Windows OS and spreads through a well-written spear-phishing campaign that includes a malicious attachment. Once the victim opens the attachment, Rokku immediately deletes all Shadow Volume Copies to prevent data restoration. It then uses the Salsa20 algorithm to encrypt each targeted data file with its own unique key, stored within the last 252 bytes of the same associated file.

Read More