It encrypts local files and modifies the Master Boot Record (MBR) to display a ransom note upon reboot, effectively locking the entire system.
It spreads through drive-by downloads disguised as a fake Adobe Flash Player update.
Signifies this is the first volume of a multi-part set.
Once inside a network, it uses the EternalRomance exploit to move laterally and infect other machines. 🛡️ Critical Safety Steps