Wesker Ransomware (<Original Filename>.<Original Extension>) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 9de434f0afed54dc53e1dcb11bc69fb7

Major Detection Name : Win32:CrypterX-gen [Trj] (Avast), A Variant Of Win32/Kryptik.GTBX (ESET)

Encrypted File Pattern : <Original Filename>.<Original Extension>

Malicious File Creation Location :
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\!!!INSTRUCTION_RNSMW!!!.txt
- C:\ProgramData\!!!INSTRUCTION_RNSMW!!!.txt
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!!!INSTRUCTION_RNSMW!!!.txt

Payment Instruction File : !!!INSTRUCTION_RNSMW!!!.txt

Major Characteristics :
- Offline Encryption
- Disable system restore (wmic.exe shadowcopy delete, vssadmin delete shadows /all /quiet)