PewPew Ransomware (.id-<Random>.[pewpew@TuTa.io].abkir) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 202bf9be9a4e45526e482f08104717ad

Major Detection Name : Hoax.Win32.FakeRansom.is (Kaspersky), Ransom.Pewpew (Malwarebytes)

Encrypted File Pattern : .id-<Random>.[pewpew@TuTa.io].abkir

Malicious File Creation Location :
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\info-decrypt.hta
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\info-decrypt.hta

Payment Instruction File : info-decrypt.hta / info-decrypt.txt

Major Characteristics :
- Offline Encryption
- Turns off Windows Firewall (netsh.exe Advfirewall set allprofiles state off)
- Disable system restore (vssadmin.exe delete shadows /all /quiet)