Microsoft: Spam campaign uses updated variant of Java-based StrRAT malware that steals confidential data while disguising itself as a ransomware infection. The malware can steal browser credentials, log keystrokes and take remote control of an infected system. Microsoft: “This remote access Trojan is infamous for its ransomware-like behavior of appending the file name extension to files without actually encrypting them” The name extension prevents users from opening the file with a double click, enabling the attackers to go for a quick and easy extortion attempt.”]
Source: https://www.cuinfosecurity.com/strrat-masquerades-as-ransomware-a-16725