- Distribution Method : Unknown
- MD5 : 65a91bdb3b625460859180e9492fe40e
- Major Detection Name : Ransom.HiddenTear (Malwarebytes), Trojan:MSIL/HiddenTear.B (Microsoft)
- Encrypted File Pattern : .id-<Random>[FileFixer@ProtonMail.com].LOCKED
- Malicious File Creation Location :
  - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO RECOVER YOUR FILES !!!.txt
  - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO RECOVER YOUR FILES !!!.txt
  - C:\Windows\Vss\ALL YOUR FILES HAVE BEEN ENCRYPTED!!!!.exe
  - C:\Windows\Vss\Email1.txt
  - C:\Windows\Vss\Email2.txt
  - C:\Windows\Vss\HOW TO RECOVER YOUR FILES !!!.txt
  - C:\Windows\Vss\ID.txt
- Payment Instruction File : HOW TO RECOVER YOUR FILES !!!.txt
- Major Characteristics : Ransomware based on the open-source Hidden-Tear project