- Distribution Method : Unknown
- MD5 : 234d17d8978717d33bf53015760878ea
- Major Detection Name : PS/Ransom (AhnLab V3), Ransom.PS1.COLDLOCK.SMY (Trend Micro)
- Encrypted File Pattern : .locked
- Malicious File Creation Location :
  - C:\ProgramData\readme.tmp
  - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How To Unlock Files.txt
- Payment Instruction File : How To Unlock Files.txt
- Major Characteristics :
  - Offline Encryption
  - File encryption using Windows PowerShell (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe)