Researchers discovered the Flash ransomware-like program while checking new submissions to VirusTotal. This software belongs to the Dcrtr ransomware family. After running a sample of Flash on our test machine, it started encrypting files and changing their names. The original titles were completed with the cybercriminals' email address and a ".flash" extension. Once the encryption process was completed, Flash ransomware created/displayed ransom notes in a pop-up window ("Decryptor.hta") and a text file ("ReadMe_Decryptor.txt").