A new ransomware called CryptoJoker has been discovered that encrypts your data using AES-256 encryption and then demands a ransom in bitcoins to get your files back. The CryptoJoker installer is disguised as a PDF file, which means it is probably distributed via email phishing campaigns. Once the installer is executed, it downloads or generates numerous executables in the %Temp% folder and one in the %AppData% folder.
When CryptoJoker encrypts your data, it scans all drives on the victim’s computer, including mapped network drives, for files with certain extensions. When it finds a file with a targeted extension, it encrypts the file and renames it so that a .crjoker extension is appended to the filename. For example, Dog.jpg would become Dog.jpg.crjoker.
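Because the appended .crjoker extension leaves the original filename intact, it can be used to scope the damage on a drive or mapped share during incident response. The following is an added example, not part of the original write-up; the function names and the report layout are assumptions, and it relies only on the renaming behaviour described above.

```python
import os
import sys
from collections import Counter

MARKER = ".crjoker"  # extension the article says is appended to encrypted files


def original_name(name):
    """Return the pre-encryption filename, or None if the name is not marked."""
    if name.lower().endswith(MARKER) and len(name) > len(MARKER):
        return name[:-len(MARKER)]
    return None


def scan(root):
    """Walk root and summarise files that carry the marker extension."""
    by_ext = Counter()   # original extension -> number of encrypted files
    by_dir = Counter()   # directory -> number of encrypted files
    still_present = []   # encrypted files whose original name also exists
    # os.walk skips directories it cannot read, so a partial scan still returns.
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            by_ext[os.path.splitext(orig)[1].lower()] += 1
            by_dir[dirpath] += 1
            if orig in names:
                # A same-named file sits beside the encrypted one, for example
                # a restored copy; worth checking before restoring again.
                still_present.append(os.path.join(dirpath, name))
    return {
        "total": sum(by_dir.values()),
        "by_extension": dict(by_ext),
        "by_directory": dict(by_dir),
        "original_still_present": sorted(still_present),
    }


if __name__ == "__main__":
    # Usage: python scan_crjoker.py <drive or share root>
    report = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("encrypted files:", report["total"])
    for ext, count in sorted(report["by_extension"].items()):
        print(f"  {ext or '(no extension)'}: {count}")
    for path in report["original_still_present"]:
        print("  original name also present:", path)
```

Run it once per drive letter or mapped share, since the article states that mapped network drives are scanned as well.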
Files Associated with CryptoJoker:
Registry Entries Associated with CryptoJoker: