It deletes the Volume Shadow Copies, disables Windows Error Recovery, and then runs a series of commands to destroy the user's ability to recover the data once it has been encrypted.
The PXJ ransomware code appears to be new; it does not share any underlying code with known ransomware families.
The cybercriminals packed the ransomware with UPX, an open-source packer known for supporting many executable file formats.
Once the encryption finishes, it appends a "PXJ" extension to each file and drops a file called "LOOK.txt" containing the ransom note.
The ransomware encrypts files on the device including photos and images, databases, videos and other documents.
Once these recovery services are disabled it begins the encryption process, which uses both the AES and RSA algorithms.
How the ransomware strain is distributed remains unknown, though it is likely spread largely through email. Once it gets onto the user's system it checks the Recycle Bin and empties it.
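The behaviour described above (shadow-copy deletion, recovery disabled, a ".PXJ" extension appended, a "LOOK.txt" note dropped) is what a defender can hunt for in endpoint telemetry. The following Python triage script is an added example, not code from the original article or from any vendor analysis of PXJ. It correlates process-creation and file-creation records on a host and rates the host. The ".pxj" extension and "LOOK.txt" note name come from the article; the specific recovery-inhibition command lines (vssadmin, wmic, wbadmin, bcdedit; MITRE ATT&CK T1490) are assumed as well-known examples, since the article only says the ransomware "runs a series of commands". The event records are constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Artifacts the article attributes to PXJ: the appended extension and the ransom-note file name.
ENCRYPTED_EXTENSION = ".pxj"
RANSOM_NOTE_NAME = "look.txt"

# Recovery-inhibition command lines (MITRE ATT&CK T1490). The article says only that PXJ
# deletes shadow copies and disables Windows Error Recovery; these exact commands are
# assumed, well-known ways that is commonly done, not quoted from the article.
RECOVERY_INHIBITION_RULES = [
    ("shadow-copy-deletion", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow-copy-deletion", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("backup-catalog-deletion", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
    ("recovery-disabled", re.compile(r"\bbcdedit(\.exe)?\s+/set\b.*\brecoveryenabled\s+no\b", re.I)),
    ("recovery-disabled", re.compile(r"\bbcdedit(\.exe)?\s+/set\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]

RECOVERY_KINDS = {"shadow-copy-deletion", "backup-catalog-deletion", "recovery-disabled"}
ARTIFACT_KINDS = {"encrypted-file-extension", "ransom-note-dropped"}


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str      # category of suspicious behaviour
    evidence: str  # the command line or file path that triggered it


def check_process_event(event: Dict[str, str]) -> List[Finding]:
    """Match a process-creation record's command line against the T1490 rules."""
    cmd = event.get("cmd", "")
    return [Finding(event["host"], kind, cmd)
            for kind, rx in RECOVERY_INHIBITION_RULES if rx.search(cmd)]


def check_file_event(event: Dict[str, str]) -> List[Finding]:
    """Flag file creations that match the PXJ extension or the ransom-note name."""
    path = event.get("path", "")
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    findings = []
    if name.endswith(ENCRYPTED_EXTENSION):
        findings.append(Finding(event["host"], "encrypted-file-extension", path))
    if name == RANSOM_NOTE_NAME:
        findings.append(Finding(event["host"], "ransom-note-dropped", path))
    return findings


def triage(events: List[Dict[str, str]]) -> List[Finding]:
    """Run every record through the matching checker and collect the findings."""
    findings: List[Finding] = []
    for ev in events:
        if ev.get("type") == "process":
            findings += check_process_event(ev)
        elif ev.get("type") == "file":
            findings += check_file_event(ev)
    return findings


def assess_host(findings: List[Finding], host: str) -> str:
    """Rate a host: recovery inhibition plus encryption artifacts together are the strong signal."""
    kinds = {f.kind for f in findings if f.host == host}
    if kinds & RECOVERY_KINDS and kinds & ARTIFACT_KINDS:
        return "likely-ransomware"
    if kinds & RECOVERY_KINDS:
        return "recovery-inhibition-only"
    if kinds & ARTIFACT_KINDS:
        return "encryption-artifacts-only"
    return "clean"


# Constructed sample telemetry: WS01 shows the full PXJ-style sequence, WS02 is benign.
SAMPLE_EVENTS = [
    {"type": "process", "host": "WS01", "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "host": "WS01", "cmd": "wbadmin delete catalog -quiet"},
    {"type": "process", "host": "WS01", "cmd": "bcdedit /set {default} recoveryenabled no"},
    {"type": "file", "host": "WS01", "path": r"C:\Users\alice\Documents\report.docx.PXJ"},
    {"type": "file", "host": "WS01", "path": r"C:\Users\alice\Desktop\LOOK.txt"},
    {"type": "process", "host": "WS02", "cmd": r"notepad.exe C:\Users\bob\notes.txt"},
    {"type": "file", "host": "WS02", "path": r"C:\Users\bob\Desktop\todo.txt"},
]

if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for f in results:
        print(f"{f.host}: {f.kind} <- {f.evidence}")
    for host in ("WS01", "WS02"):
        print(host, assess_host(results, host))
```

The rating deliberately requires both signal families before calling a host "likely-ransomware": backup tooling and administrators legitimately run vssadmin and wbadmin, so a recovery-inhibition hit alone is worth a look but not an alert on its own, whereas the same host also writing files with the PXJ extension and the LOOK.txt note is not explainable by maintenance.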