Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : 56c3236f5c15336c54eb45e6a8831f49
- Major Detection Name : a variant of Win32/Kryptik.GGLX (ESET), Ransom_Purga.R002C0OE618 (Trend Micro)
- Encrypted File Pattern : <Random Filename>.amnesia
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\osk.exe
- Payment Instruction File : HOW TO RECOVER ENCRYPTED FILES.TXT
- Major Characteristics :
- Offline Encryption
- Scarab / Scarabey Ransomware series
- Block processes execution (isqlplussvc.exe, msftesql.exe, sqlagent.exe, sqlbrowser.exe, sqlserver.exe, sqlservr.exe, sqlwriter.exe etc.)
- Disable system restore (wbadmin delete systemstatebackup -keepversions:0, wmic SHADOWCOPY DELETE, vssadmin Delete Shadows /All /Quiet, bcdedit /set {default} recoveryenabled No, bcdedit /set {default} bootstatuspolicy ignoreallfailures)