Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 7d83cd6f17c692e31ff3f2ea757bef38
 
  • Major Detection Name : Ransom.HiddenTear!g1 (Norton), Ransom_RAMSIL.SM (Trend Micro)
 
  • Encrypted File Pattern : .locked
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BID.exe
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrY-Decrypter.exe
 
  • Payment Instruction File : READ_AND_CRY_<Random>.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Hidden-Tear open source based ransomware
     - Changes desktop background (C:\Users\%UserName%\Desktop\CrY.jpg)

List

위로