Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Automatic infection using exploit by visiting website
- MD5 : 54a3065cae4df62f8cb0cf5b01906526
- Major Detection Name : Win-Trojan/CryptoShield.Gen (AhnLab V3), Gen:Variant.Ransom.HydraCrypt.28 (BitDefender)
- Encrypted File Pattern : <Random Filename>.<Random>.XAXAX0X0 → <Random Filename>.<Random>.CRYPTOSHIELD
- Malicious File Creation Location :
- C:\ProgramData\MicroSoftTMP
- C:\ProgramData\MicroSoftTMP\system32
- C:\ProgramData\MicroSoftTMP\system32\winlogon.exe
- C:\Users\%UserName%\Music\# RESTORING FILES #.HTML
- C:\Users\%UserName%\Music\# RESTORING FILES #.TXT
- Payment Instruction File : # RESTORING FILES #.HTML / # RESTORING FILES #.TXT
- Major Characteristics :
- Offline Encryption
- CryptFile2 / CryptoMix / HydraCrypt / Mole / Revenge / Zeta Ransomware series
- Disable system restore (vssadmin.exe Delete Shadows /All /Quiet, bcdedit /set {default} recoveryenabled No, bcdedit /set {default} bootstatuspolicy ignoreallfailures)
- Stop VSS service