- Distribution Method : Unknown
- MD5 : 16a29314e8563135b18668036a6f63c8
- Major Detection Name : a variant of Win32/Filecoder.PwndLocker.A (ESET), Trojan-Ransom.Win32.Pwnd.b (Kaspersky)
- Encrypted File Pattern : .pwnd
- Payment Instruction File : H0w_T0_Rec0very_Files.txt
- Major Characteristics :
  - Offline Encryption
  - ProLock Ransomware series
  - Stops multiple services (Acronis VSS Provider, AcronisAgent, Alerter, BackupExecAgentAccelerator, CSFalconService, McAfeeFramework etc.)
  - Disables system restore (vssadmin.exe delete shadows /all /quiet, vssadmin.exe resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=401MB, vssadmin.exe resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=unbounded)