Pokemon Go Ransomware | Summary and Q&A

64.7K views
February 2, 2017
by The PC Security Channel

TL;DR

A new Pokemon Go-themed ransomware is targeting Windows systems, encrypting files and causing system crashes.

Key Insights

  • 👶 The new Pokemon Go ransomware affects Windows systems and encrypts files, causing significant CPU usage and disk activity.
  • 🚚 It can be delivered through flash drives and remains hidden until activated.
  • 🥺 Ending the ransomware process does not save encrypted files, and a system reboot leads to crashes and a blue screen of death.
  • 👤 Reverse engineering attempts resulted in the system becoming bricked, leaving users without external help.

Transcript

ransomware I choose you that's the thing apparently now on PC so we have a new Pokemon go ransomware which affects Windows systems so I thought I'd take a look at it here's the original file it is only 623 kilobytes in size must be an awfully small Pokemon you might say but when it executes it doesn't leave a very small footprint might be a nice Po...

Questions & Answers

Q: How does the Pokemon Go ransomware infect Windows systems?

The ransomware is typically delivered through flash drives, a popular delivery mechanism. Once executed with admin privileges, it remains hidden and starts encrypting files.

Q: Can ending the ransomware process save encrypted files?

Unfortunately, most files are already encrypted by the time users try to end the task. Ending the process does not reverse the encryption.

Q: What happens upon rebooting the system?

After a system reboot, the desktop becomes unresponsive, eventually crashing and displaying a blue screen of death.

Q: Can the Pokemon Go ransomware be reverse engineered?

While attempts to reverse engineer the ransomware were made, the system ultimately became bricked. Thus, users are left to deal with the ransomware on their own.

Q: Are there any encryption weaknesses in the ransomware?

According to Malwarebytes, the ransomware does not have any encryption-related weaknesses. Decrypting files would likely require retrieving the AES-256 password used in the encryption process.

Summary & Key Takeaways

  • A new Pokemon Go ransomware has been discovered, which initially appears as a small file but expands upon execution.

  • The ransomware remains hidden in the system and starts using a significant amount of CPU, encrypting files and causing disk activity to increase.

  • It can also infect flash drives and uses the file extension "stopped locked." Rebooting the system leads to a crashed desktop and a blue screen of death.
