Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 3cf87e475a67977ab96dff95230f8146
 
  • Major Detection Name : Trojan.Ransom.LockCrypt (ALYac), HEUR:Trojan.Win32.AntiAV (Kaspersky)
 
  • Encrypted File Pattern : .<Original Extension> id-<Random>.BI_D
 
  • Malicious File Creation Location :
     - C:\Windows\DECODE.KEY
     - C:\Windows\notepad+++.exe
     - C:\How To Restore Files.txt
 
  • Payment Instruction File : How To Restore Files.txt
 
  • Major Characteristics :
     - Offline Encryption
     - DXXD / MrDec Ransomware series
     - Encryption starts after killing all process except listed in whitelist processes
     - Turns off User Access Control (UAC)
     - Disable system restore (vssadmin delete shadows /all)
     - Deletes event log

List

위로