Cryakl Ransomware (email-iizomer@aol.com.ver-CL 1.0.0.0.u.id-<Random>-<M>@<D>@<Y> <H>@<M>@<S> <AM/PM><Random>@@@@@<Random>-<Random>.randomn - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : bd63aa7e3f041ea8e072a6a267030a49

Major Detection Name : Trojan-Ransom.Win32.Cryakl.alg (Kaspersky), Ransom:Win32/Criakl.D (Microsoft)

Encrypted File Pattern : email-iizomer@aol.com.ver-CL 1.0.0.0.u.id-<Random>-<Month>@<Day>@<Year> <Hour>@<Minute>@<Second> <AM/PM><Random>@@@@@<Random>-<Random>.randomname-<Random>.<Random>.cbf

Malicious File Creation Location :
- C:\Program Files (x86)\service.exe
- C:\Program Files (x86)\Adobe.inc
- C:\Program Files (x86)\Adobe.inc\pdf archive
- C:\Program Files (x86)\Company\pdf archive\service.exe
- C:\Users\%UserName%\AppData\Local\Temp\service.exe

Major Characteristics :
- Offline Encryption
- The Russian users targeted
- Installed and disguised as program "pdf archive 7.8.9", then encrypts files
- Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\desk.bmp)