- Distribution Method : Unknown
- MD5 : 54ef8e14e8e1dc5a047c546333e60658
- Major Detection Name : Generic.Ransom.Everbe.0072E1A0 (BitDefender), Ransom_LEVILOCK.THGAOAH (Trend Micro)
- Encrypted File Pattern : .[evil@cock.lu].EVIL
- Payment Instruction File : !_HOW_RECOVERY_FILES_!.txt
- Major Characteristics :
  - Offline Encryption
  - Embrace / Everbe / PainLocker Ransomware series
  - Blocks process execution (excel.exe, fdhost.exe, mspub.exe, mysqld-nt.exe, sqlagent.exe, thebat64.exe etc.)
  - Deletes multiple services (MSSQLFDLauncher, ReportServer, SQLSERVERAGENT, SSISTELEMETRY130, storflt, vmickvpexchange etc.)
  - Disables system restore (vssadmin delete shadows /all /quiet)