According to current knowledge of the Trojan is currently distributed primarily via e-mail delivery. But the infection via a malicious website merchandise is conceivable in which the computer is scanned by the visitor to click on the vulnerabilities. If a vulnerability is found, for example, in Java, the malicious code installed on their machine and that could now even the current encryption under Windows Trojans have.
https://support.kaspersky.com/downloads/utils/rannohdecryptor.exe
https://support.kaspersky.com/faq/?qid=208286527
