Enigma Ransomware (.enigma / enigma.hta + enigma_encr.html) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : adebeba5e237dbb268fb67c5588d32c0

Major Detection Name : Trojan/Win32.Crynigma.C1521794 (AhnLab V3), A variant of Win32/Filecoder.Enigma.F (ESET)

Encrypted File Pattern : .enigma

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\enigma.hta
- C:\Users\%UserName%\AppData\Local\Temp\ENIGMA.RSA
- C:\Users\%UserName%\AppData\Local\Temp\enigma_encr.html
- C:\Users\%UserName%\Desktop\ENIGMA.RSA
- C:\Users\%UserName%\Desktop\enigma_encr.html

Payment Instruction File : enigma.hta / enigma_encr.html

Major Characteristics :
- Offline Encryption
- The Russian users are targeted.
- Disable system restore (vssadmin.exe delete shadows /all /quiet)
- After completion of encryption, create a fake "Windows Emergency Update" message.