Paradise Ransomware (.<Original Extension>[id-vN6YLGIr].[yourencrypter@protonmail.ch].b29) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 887c5bc80bd37358534a340d229305d5

Major Detection Name : Malware/Win32.Ransom_paradise.C2666969 (AhnLab V3), Ransom_PARADISE.THHOFAH (Trend Micro)

Encrypted File Pattern : .<Original Extension>[id-vN6YLGIr].[yourencrypter@protonmail.ch].b29

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\DP
- C:\Users\%UserName%\AppData\Roaming\DP\DP2.exe
- C:\Users\%UserName%\AppData\Roaming\DP\RunAsAdmin.dp
- C:\Users\%UserName%\AppData\Roaming\DP\welldone.dp
- C:\Users\%UserName%\AppData\Roaming\Autoclean.bat
- C:\Users\%UserName%\AppData\Roaming\DecryptionInfo.dp

Payment Instruction File : #DECRYPT MY FILES# vN6YLGIr.html

Major Characteristics :
- Offline Encryption
- Delete VSS service