Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : CVE-2019-19781
- MD5 : 48452dd2506831d0b340e45b08799623
- Major Detection Name : a variant of Win32/Filecoder.Ragnarok.A (ESET), Ransom.Win32.RAGNAROK.A (Trend Micro)
- Encrypted File Pattern : .ragnarok
- Payment Instruction File : !!ReadMe_To_Decrypt_My_Files.txt
- Major Characteristics :
- Offline Encryption
- Disable Windows Defender (DisableAntiSpyware, DisableRealtimeMonitoring, DisableBehaviorMonitoring, DisableOnAccessProtection)
- Turns off Windows Firewall (netsh advfirewall set allprofiles state off)
- Block processes execution (excel, note, powerpnt, sql, winword)
- Disable system restore (vssadmin delete shadows /all /quiet, bcdedit /set {current} bootstatuspolicy ignoreallfailures, bcdedit /set {current} recoveryenabled no)