- Distribution Method : Unknown
- MD5 : 7b16fbd06e3442bc9055208abd8f1ef3
- Major Detection Name : Ransom.XARCryptor (Malwarebytes), Ransom.Win32.IMPS.THACAAI (Trend Micro)
- Encrypted File Pattern : .cosanostra
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\_uninstalling_.png
- Payment Instruction File : #RECOVERY_FILES#.txt
- Major Characteristics :
  - Offline Encryption
  - Outsider Ransomware series
  - Disable system restore (vssadmin.exe delete shadows /all /quiet)