The ransomware is injected as a script that encrypts all the data and demands a ransom from us.
It is not necessary to open the script to run it. It is self-executing.
How will it be able to access and encrypt all the files without administrator privileges?
UPDATE
From the link:
Police ransomware is also notable for infecting user32.DLL, a known critical file. Infecting a critical file can be considered an evasion technique as it can help prevent detection by behavioral monitoring tools due to whitelisting. Additionally, cleaning critical files such as user32.DLL requires extra care as one misstep can crash a system, which could be seen as a possible obstacle for cleaning tools.
The infected user32.DLL performs a chain of routines that ends with the ransomware being loaded. It also locks the infected computer's screen and projects a “ransom” image, similar to previous police ransomware messages.