Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : db8d2fa8ab3ae1ed767e34792ee23629
- Major Detection Name : Trojan.Ransom.Scarab (ALYac), Trojan.Ransom.BZM (BitDefender)
- Encrypted File Pattern : <Random Filename>.mvp
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\systems.exe
- Payment Instruction File : Êàê ðàñøèôðîâàòü ôàéëû.TXT
- Major Characteristics :
- Offline Encryption
- Amnesia / Scarabey Ransomware series
- Block processes execution (isqlplussvc.exe, msftesql.exe, mydesktopqos.exe, mysqld-nt.exe, mysqld-opt.exe, sqbcoreservice.exe etc.)
- Checks following folder name for encryption: Adobe, Firebird, Microsoft, Microsoft SQL Server, Microsoft SQL Server Compact Edition, MSSQL.1, Oracle.
- Disable system restore (wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0, wmic SHADOWCOPY DELETE, vssadmin Delete Shadows /All /Quiet, bcdedit /set {default} recoveryenabled No, bcdedit /set {default} bootstatuspolicy ignoreallfailures)