OPdailyallowance Ransomware (the new crypto-extortioner)
This crypto-extortioner encrypts user data with AES and then demands a ransom of 0.3 BTC to return the files.
The sources of the ransomware are Document.exe and Adobe Player. The extension .CRYPTR is added to encrypted files.
The original name: Documents. The file is labelled: Documents.exe and Adobe Player. Activity of this crypto-extortioner was observed at the end of August 2018. It targets English-speaking users, which does not prevent it from spreading around the world.
The ransom notes come as three files:
INTRUCTION.html
PAYMENT !!!.txt
ATTANTION!!!.txt

Contents of the note INTRUCTION.html:
WHAT HAPPEND?
Can not find the files that you need?
Is the content of your files that you need, unreadable?
This is normal because the data has been encrypted. etc…

Contents of the note PAYMENT !!!.txt:
GET THE KEY DECRYPT FILE, YOU HAVE TO PAY 0,3 BTC TO ADDRESS: 1CajF6395CNBrXxjGqVsALcTvNhyRbQebu

Contents of the note ATTANTION!!!.txt:
##### ATTANTION !!!. Txt
##### YOUR PRIVATE KEY EXPIRED 3 DAYS IF IT EXCEEDS 3 DAYS WE CAN NOT HELP YOU TO DECRYPT YOUR FILE
##### PLEASE DO NOT TURN OFF YOUR PC AND DO NOT RENAME EXTENSION, IT WILL FILE YOUR CORRUPTION
##### GET THE KEY TO DECRYPT FILE, YOU HAVE PAY 0.3 BTC TO ADDRESS 1CajF6395CNBrXxjGqVsALcTvNhyRbQebu
##### IF YOU SEND EMAIL AND NO REPLY FROM US MORE THAN 2 DAYS PLEASE RESEND YOUR EMAIL
#####
The victim is also informed by an image that replaces the desktop wallpaper.

The ransomware can be distributed by breaking in through an unprotected RDP configuration, or by means of email spam and malicious attachments, deceptive downloads, botnets, exploits, web injections, fake updates (Adobe Player, etc.), and repackaged and infected installers.
List of file extensions to be encrypted:
These are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, etc.
Files related to the ransomware:
INTRUCTION.html
PAYMENT !!!.txt
ATTANTION!!!.txt
<random>.exe (random name)
Locations:
\Desktop\ ->
\User_folders\ ->
\%TEMP%\ ->
Network connections and contacts:
Email: BM-2cVQmNzy6ZLBWCD4fVYWSCCBSAik2jEUuy@bitmessage.ch
BTC: 1CajF6395CNBrXxjGqVsALcTvNhyRbQebu
