Encryption ransomware for Linux written in C using the OpenSSL library. In most ways, it is similar to Linux.Encoder.1. However, in this modification cybercriminals implemented some other features as well:
- Does not save access privileges in encrypted file headers.
- Employs another pseudorandom number generator.
- Instead of PolarSSL, uses the OpenSSL library.
- Encrypts files in the AES-OFB-128 mode with context reinitialization every 128 bytes, that is every 8 AES blocks.
Doctor Web security researchers have developed a new technique that, in most cases, can help decrypt files compromised by the malware.