- Distribution Method : Unknown
- MD5 : 5681810eac83a2a2be01e93b8b7d8382
- Major Detection Name : Ransom:Win32/Phobos.PB!MTB (Microsoft), Ransom.Win32.MAKOP.F (Trend Micro)
- Encrypted File Pattern : .[<Random>-W].[restoring.data@protonmail.com].makop
- Malicious File Creation Location : C:\Users\%UserName%\Desktop\readme-warning.txt
- Payment Instruction File : readme-warning.txt
- Major Characteristics :
  - Offline encryption
  - Terminates processes (agntsvc.exe, dbsnmp.exe, encsvc.exe, excel.exe, oracle.exe, outlook.exe etc.)
  - Stops multiple services (MsDtsServer130, MSSQLFDLauncher, ReportServer, storflt, TMBMServer, vmicguestinterface etc.)
  - Inhibits recovery by deleting shadow copies and the backup catalog (vssadmin delete shadows /all /quiet, wbadmin delete catalog -quiet, wmic shadowcopy delete)
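Two of the indicators above lend themselves to simple detection and triage logic: the three recovery-inhibition command lines, and the encrypted-file naming pattern. The following is an added example, not code from the original page or from the analysts who produced it. The process-creation events are constructed sample data, and the `<Random>` token in the extension is assumed to be any run of characters that contains no square brackets (the page does not specify its alphabet).

```python
import re

# Constructed sample process-creation events (image path, command line).
# These are not taken from the original page.
SAMPLE_EVENTS = [
    ("C:\\Windows\\System32\\vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    ("C:\\Windows\\System32\\wbadmin.exe", "wbadmin delete catalog -quiet"),
    ("C:\\Windows\\System32\\wbem\\WMIC.exe", "wmic shadowcopy delete"),
    ("C:\\Windows\\System32\\vssadmin.exe", "vssadmin list shadows"),  # benign
    ("C:\\Windows\\explorer.exe", "explorer.exe"),                   # benign
]

# The three commands listed on the page. Word boundaries and \s+ keep the
# match tolerant of an optional .exe suffix and extra spacing.
SHADOW_COPY_DELETION = [
    re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I),
    re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I),
]

# Encrypted-file pattern from the page:
#   <original>.[<Random>-W].[restoring.data@protonmail.com].makop
# Assumption: <Random> is any bracket-free token.
MAKOP_SUFFIX = re.compile(
    r"\.\[[^\[\]]+-W\]\.\[restoring\.data@protonmail\.com\]\.makop$", re.I
)


def is_shadow_copy_deletion(cmdline):
    """True if the command line matches one of the recovery-inhibition commands."""
    return any(p.search(cmdline) for p in SHADOW_COPY_DELETION)


def flag_events(events):
    """Return the command lines, in order, that should raise an alert."""
    return [cmd for _, cmd in events if is_shadow_copy_deletion(cmd)]


def is_makop_encrypted_name(filename):
    """True if the file name carries the Makop extension pattern."""
    return MAKOP_SUFFIX.search(filename) is not None


def original_name(filename):
    """Strip the Makop suffix to recover the pre-encryption file name.
    Returns the input unchanged if the suffix is not present."""
    return MAKOP_SUFFIX.sub("", filename)


if __name__ == "__main__":
    for cmd in flag_events(SAMPLE_EVENTS):
        print("ALERT shadow-copy deletion:", cmd)
    name = "report.docx.[2F9A1C7B-W].[restoring.data@protonmail.com].makop"
    if is_makop_encrypted_name(name):
        print("encrypted file:", name, "->", original_name(name))
```

Running the block against the constructed events flags exactly the three deletion commands and leaves `vssadmin list shadows` alone; `original_name` is the triage helper an incident responder would use to inventory which files were touched before restoring from backup.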