|
|
|
|
|
|
by simias
3322 days ago
|
|
|
I'm surprised by how carefully the worm seems to be coded. They make sure they have an internet connection, they check for disk space in order not to run out while encrypting, they save a backup copy of the "tasksched" executable before replacing it, they shutdown databases (I assume in order to prevent corruption?) etc... I guess they want to make sure the decryption process will work without any issue so that the victim will be more likely to pay other ransoms or spread word of mouth that it does actually work. I wish all software devs were as thorough as these people... |
|
|