As time goes one, more and more novel ransomware families are surfacing, each with a variety of their own tactics. While this is a new family of ransomware, the techniques used by this ransomware are relatively standard. Numerous detection capabilities around this ransomware exist, many of which are likely already employed by organizations. For one, many organizations already employ queries to detect the “.crypt” file extension. Other detection capabilities around this ransomware include monitoring value additions to the “Run” registry key as well as to the two “sShortDate” registry keys. Additionally, it may be beneficial to monitor DNS requests to AnonFiles as well, as files hosted on this site are often malicious.
https://www.bleepingcomputer.com/news/security/previously-unidentified-arcrypter-ransomware-expands-worldwide/
