Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : 49eb4afe5b817ed56eacf504c80106d1
- Major Detection Name : Trojan-Ransom.Win32.GandCrypt.cht (Kaspersky), Ransom_HPGANDCRAB.SMG2 (Trend Micro)
- Encrypted File Pattern : .KRAB
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
- Payment Instruction File : KRAB-DECRYPT.txt
- Major Characteristics :
- Offline Encryption
- Block processes execution (dbsnmp.exe, msftesql.exe, oracle.exe, sqlagent.exe, sqlbrowser.exe, sqlwriter.exe etc.)
- Disable system restore (wmic.exe shadowcopy delete)