
Ransomware is injected as a script which encrypts all the data and requires a ransom from us.

We don't have to open the script to execute it. It is self-executing.

How will it be able to access and encrypt all files without admin privilege?

UPDATE

from https://www.trendmicro.com/vinfo/us/security/definition/ransomware

Police ransomware is also notable for infecting user32.DLL, a known critical file. Infecting a critical file can be considered an evasion technique as it can help prevent detection by behavioral monitoring tools due to whitelisting. Additionally, cleaning critical files such as user32.DLL requires extra care as one misstep can crash a system, which could be seen as a possible obstacle for cleaning tools.

The infected user32.DLL performs a chain of routines that ends with the ransomware being loaded. It also locks the infected computer's screen and projects a “ransom” image, similar to previous police ransomware messages.

i--
  • It is not a duplicate. The question is updated @techraf – i-- Mar 28 '17 at 06:07
  • If it was not a duplicate, why did you get an answer that is the same as under the other question? Did you downvote the answer and comment that it was wrong? – techraf Mar 28 '17 at 06:21
  • @techraf It is talking about user file encryption. But this one is not. Read the things in the blockquote. It won't allow you to go to the desktop. – i-- Mar 28 '17 at 06:24
  • The answer is right according to my question before the edit. It is my fault. I wasn't more specific. But now I have edited it. @techraf – i-- Mar 28 '17 at 06:25
  • You posted a not only duplicate question, but a verbatim duplicate and then claimed it was not. Also: you have abused the quote. The article does not claim POSHCODER infects user32.DLL - it is your own invention. – techraf Mar 28 '17 at 06:28
  • The things in the blockquote are copied from the site @techraf – i-- Mar 28 '17 at 06:29
  • Your last comment is a lie. The referenced page does not contain the string `POSHCODER ransomware is also` - which you claim is a quote. – techraf Mar 28 '17 at 06:33
  • My mistake. I didn't see the subtitle. – i-- Mar 28 '17 at 06:39
  • In your question you ask about crypto-ransomware (encrypting files) while the quote you've included is about police ransomware (blocking use of computer, but not encrypting). I think you need to be clear first what you are asking about. – Steffen Ullrich Mar 28 '17 at 06:47
  • Quite a number of mistakes for such a detailed, well-thought-out, non-duplicate question... `Police ransomware is also` is also your invention. I also got a downvote on the answer - it's of course a coincidence that your reputation changed from 129 to 128 at the same moment. You are not that miserable to downvote someone's answer because that person pointed out several mistakes in what you wrote, are you? – techraf Mar 28 '17 at 07:04

1 Answer


It doesn't have to access ALL files in order to cause damage. It only has to encrypt files that the user created and cares about - family photographs, word documents, etc. The more of the user's files are locked, the worse the damage to the user, and the more likely they'll pay the ransom.

The user account already has all the privilege needed to access his own files.

John Deters
  • Thanks for your answer. But I am talking about ransomware that affects system files. Question edited. Please check it now – i-- Mar 28 '17 at 06:26
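The answer's point, that a process running as the logged-in user already has write access to everything that user owns, as an added Python example (not from the original post or its author): it walks a constructed, hypothetical profile directory and reports which files an unprivileged process could overwrite, which is also the list a defender should be backing up or monitoring.

```python
"""Audit which files the current (unprivileged) user could overwrite.

Added example, not from the original post. A process running as the logged-in
user already owns every file that user created, which is all file-encrypting
ransomware needs; the same walk shows a defender what to back up or monitor.
"""
import os
import tempfile
from pathlib import Path

def running_as_superuser() -> bool:
    # POSIX root sees every file as writable; Windows has no geteuid at all.
    geteuid = getattr(os, "geteuid", None)
    return geteuid is not None and geteuid() == 0

def writable_inventory(root: Path) -> dict:
    """Classify regular files under `root` by whether this process could overwrite
    them. os.access asks the OS about ownership, mode and ACLs; no elevation."""
    inv = {"total": 0, "writable": 0, "read_only": 0, "writable_paths": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if not path.is_file():
                continue  # skip sockets, broken symlinks and the like
            inv["total"] += 1
            if os.access(path, os.W_OK):
                inv["writable"] += 1
                inv["writable_paths"].append(str(path))
            else:
                inv["read_only"] += 1
    return inv

def demo() -> dict:
    """Build a constructed, hypothetical user-profile tree and audit it."""
    base = Path(tempfile.mkdtemp(prefix="ransomware-audit-"))
    (base / "Documents").mkdir()
    (base / "Documents" / "thesis.docx").write_bytes(b"constructed document")
    (base / "Pictures").mkdir()
    (base / "Pictures" / "family.jpg").write_bytes(b"constructed photo")
    # A user-owned file marked read-only. The mode bit is not a mitigation:
    # the owner keeps permission to change it back without any elevation.
    notes = base / "notes.txt"
    notes.write_bytes(b"constructed read-only note")
    notes.chmod(0o444)
    return writable_inventory(base)

if __name__ == "__main__":
    result = demo()
    print(result["writable"], "of", result["total"], "files writable by this user")
```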