Malware that exists persistently in the system’s registry can’t be detected as a file, rendering the usual AV detection methods useless. The malware itself, at least in the case examined by GData, exploits Microsoft Office in order to infect a system. FoxIT and FireEye have teamed-up to offer some help for those who might still be struggling with CryptoLocker infections. The two security firms are offering a service that they’re calling DecryptCryptoLocker, at no cost.”]
Source: https://www.csoonline.com/article/2461828/salted-hash-live-from-black-hat-usa-day-2.html