Blue Hexagon Blog

Ransomware Families – Smrss32

Smrss32 was discovered in August 2016.

Unique to Smrss32 is that it targets 6,674 file extensions, while most ransomware will target around 100 file extensions, though this list did not include case insensitive comparing. 

Smrss32 is not delivered through email but is manually installed on systems which allow unsecured RDP connections. When encrypting files Smrss32 adds .encrypted to the targeted files. 

The ransom for Smrss32 is 1 Bitcoin (roughly $600 in 2016) 

If you are interested in learning about other Ransomware families that we have published research reports on you can read more here