
  • Distribution Method : Unknown
 
  • MD5 : fee6ba9a0d7a805b3281d4f955821c1c
 
  • Major Detection Name : a variant of Win32/Filecoder.Buran.H (ESET), Ransom.Jamper.brn (Malwarebytes)
 
  • Encrypted File Pattern : .<3-Digit Random>-<3-Digit Random>-<3-Digit Random>
 
  • Payment Instruction File : !!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
 
  • Major Characteristics :
 - Offline Encryption
 - Buran / Jumper / VegaLocker Ransomware series
 - Disables and blocks Registry Editor (regedit.exe) and Task Manager (Taskmgr.exe)
 - Blocks process execution (agntsvc.exe, anvir64.exe, backup.exe, dbsnmp.exe, kingdee.exe, msftesql.exe, etc.)
 - Disables system restore (bcdedit /set {default} bootstatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin delete catalog -quiet, wbadmin delete systemstatebackup, wbadmin delete systemstatebackup -keepversions:0, wbadmin delete backup, wmic shadowcopy delete, vssadmin delete shadows /all /quiet)
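
A detection sketch for the system-restore commands listed above, added here as an example (it is not AppCheck's code): it matches process command lines against those commands and flags hosts where several distinct ones appear. The rule names, the sample events and the threshold of two distinct commands are assumptions.

```python
import re
from collections import defaultdict

def _exe(name):
    # Accept a bare name, name.exe, or a quoted full path ending in name.exe.
    return rf'(?:^|[\\"\s]){name}(?:\.exe)?"?\s+'

# One rule per recovery-inhibiting command from the list above (rule names are hypothetical).
RULES = {name: re.compile(pat, re.I) for name, pat in {
    "bcdedit_ignore_failures": _exe("bcdedit") + r"/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures",
    "bcdedit_recovery_off": _exe("bcdedit") + r"/set\s+\{default\}\s+recoveryenabled\s+no",
    "wbadmin_delete": _exe("wbadmin") + r"delete\s+(?:catalog|systemstatebackup|backup)\b",
    "wmic_shadowcopy_delete": _exe("wmic") + r"shadowcopy\s+delete\b",
    "vssadmin_delete_shadows": _exe("vssadmin") + r"delete\s+shadows\b",
}.items()}

def match_rules(cmdline):
    """Return the sorted names of all rules that the command line matches."""
    return sorted(n for n, rx in RULES.items() if rx.search(cmdline))

def flag_hosts(events, min_distinct=2):
    """Group (host, cmdline) events by host; keep hosts with >= min_distinct rules hit."""
    hits = defaultdict(set)
    for host, cmdline in events:
        hits[host].update(match_rules(cmdline))
    return {h: sorted(r) for h, r in hits.items() if len(r) >= min_distinct}

# Constructed process-creation events (host, command line), not real telemetry.
SAMPLE_EVENTS = [
    ("WS-01", r'"C:\Windows\System32\bcdedit.exe" /set {default} recoveryenabled no'),
    ("WS-01", "vssadmin delete shadows /all /quiet"),
    ("WS-01", "WMIC.exe  shadowcopy delete"),
    ("WS-01", "wbadmin delete systemstatebackup -keepversions:0"),
    ("SRV-02", "vssadmin list shadows"),          # read-only query, no rule fires
    ("SRV-02", "wbadmin delete catalog -quiet"),  # single hit, below the threshold
    ("WS-03", "bcdedit /enum"),
]

if __name__ == "__main__":
    for host, rules in flag_hosts(SAMPLE_EVENTS).items():
        print(host, rules)
```

Requiring several distinct commands per host keeps a lone backup-maintenance command from raising an alert, while the full sequence listed above still does.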
