- Distribution Method : Unknown
- MD5 : 19d6b5657daa3387853dd02e0bfd38e9
- Major Detection Name : Malware/Win64.RL_Ransom.R333333 (AhnLab V3), Ransom.Sorena.GO (Malwarebytes)
- Encrypted File Pattern : .Email=[MasterFile001@protonmail.com]ID=[<Random>].sorena
- Payment Instruction File : how_to_decrypt.txt
- Major Characteristics :
  - Offline Encryption
  - Block process execution (sqlceip.exe, sqlservr.exe, sqlwriter.exe)
  - Stop MSSQL$SQLEXPRESS service
  - Empty the Recycle Bin (rmdir <Drive Letter>:\$Recycle.Bin /s /q)