- Distribution Method : Unknown
- MD5 : 3265b2b0afc6d2ad0bdd55af8edb9b37
- Major Detection Name : Trojan/Win32.RegretLocker.R354840 (AhnLab V3), Trojan.TR/AD.RegretRansom.hgyuq (F-Secure)
- Encrypted File Pattern : .mouse
- Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Network Shortcuts\HOW TO RESTORE FILES.TXT
- C:\Windows\System32\Tasks\Mouse Application
- Payment Instruction File : HOW TO RESTORE FILES.TXT
- Major Characteristics :
- Offline Encryption
- Recovery Partition (F:\) and EFI System Partition (H:\) drives are activated.
- Encrypts files by mounting virtual disk files (.vhd).
- Adds a "Mouse Application" scheduled task that executes the ransomware every minute.
- Blocks execution of running program processes.
- Disables system restore with the following commands:
- wmic SHADOWCOPY DELETE
- wbadmin DELETE SYSTEMSTATEBACKUP
- bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
- bcdedit.exe /set {default} recoveryenabled No
- vssadmin.exe Delete Shadows /All /Quiet
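The recovery-inhibition commands listed above are the most reliable behavioural signal in this report, because they must run in the clear as child processes. The following is an added example (not from the original report) of a small detection routine over constructed process-creation events; the rule names and sample events are assumptions for illustration.

```python
import re

# Constructed process-creation events, not taken from the original report. Each
# tuple is (process image, command line) as a Sysmon/EDR-style log would record it.
SAMPLE_EVENTS = [
    ("vssadmin.exe", "vssadmin.exe Delete Shadows /All /Quiet"),
    ("wmic.exe", "wmic SHADOWCOPY DELETE"),
    ("wbadmin.exe", "wbadmin DELETE SYSTEMSTATEBACKUP"),
    ("bcdedit.exe", "bcdedit.exe /set {default} recoveryenabled No"),
    ("bcdedit.exe", "bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"),
    ("notepad.exe", "notepad.exe C:\\Users\\user\\notes.txt"),   # benign
    ("bcdedit.exe", "bcdedit.exe /enum"),                          # benign bcdedit use
]

# One regex per command in the report. Case-insensitive and whitespace-tolerant,
# since the same command may be issued with different casing or spacing.
RECOVERY_INHIBITION_RULES = {
    "vssadmin_delete_shadows": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "wmic_shadowcopy_delete": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "wbadmin_delete_backup": re.compile(r"wbadmin(\.exe)?\s+delete\s+systemstatebackup", re.I),
    "bcdedit_recovery_disabled": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
    "bcdedit_ignore_failures": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures", re.I),
}


def match_rules(command_line):
    """Return the names of the rules that a single command line triggers."""
    return [name for name, rx in RECOVERY_INHIBITION_RULES.items() if rx.search(command_line)]


def score_events(events):
    """Return (hits, distinct_rule_count) for a batch of events from one host.

    Several distinct rules firing close together is the strong signal; a lone
    'vssadmin delete shadows' also appears in legitimate administration scripts.
    """
    hits = [(image, rule) for image, cmd in events for rule in match_rules(cmd)]
    distinct = len({rule for _, rule in hits})
    return hits, distinct


if __name__ == "__main__":
    hits, distinct = score_events(SAMPLE_EVENTS)
    for image, rule in hits:
        print(f"{image}: {rule}")
    print(f"{distinct} distinct recovery-inhibition techniques observed")
```

In production the same patterns map onto Sysmon Event ID 1 or Windows Security 4688 command-line fields; the "Mouse Application" task file path listed above is a complementary file-creation indicator.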