Cryakl Ransomware (email-komar@tuta.io.ver-CL 1.5.1.0.id-<Random>-<Random>.fname-<Original Filename>.<Original Extension>.doubleoffset)
2018. 07. 19. 6,802
Distribution Method : Unknown MD5 : 15b823576b8c09046d1b66d43e65690a Major Detection Name : Generic.Ransom.Cryak.B1176E72 (BitDefender), Ransom:Win32/Cryakl.A (Microsoft) Encrypted File Pattern : email-komar@tuta.io.ver-CL 1.5.1.0.id-<Random>-<Random>.fname-<Original Filename>.<Original Extension>.doubleoffset Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe Payment Instruction File : README.txt Major Characteristics : - Offline Encryption - Neutralizes system recovery by adding to task schedular: VssDataRestore, which executes command vssadmin delete shadows /all /quiet
List