Clop Ransomware (<Original Filename>.<Original Extension> / README_README.txt) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : a98dc09226b97ddc0d959e0aaa08abe0

Major Detection Name : Trojan/Win32.ClopRansom.R356029 (AhnLab V3), Ransom_HydraCrypt.R002C0DJA20 (Trend Micro)

Encrypted File Pattern : <Original Filename>.<Original Extension>

Payment Instruction File : README_README.txt

Major Characteristics :
- Offline Encryption
- Use an "Insta Software Solution Inc." Digital Signatures
- Disable a Microsoft Security Client ("C:\Program Files\Microsoft Security Client\Setup.exe" /x /s)
- Deletes event log (wevtutil.exe cl "AirSpaceChannel", wevtutil.exe cl "Analytic", wevtutil.exe cl "Application", wevtutil.exe cl "EndpointMapper", wevtutil.exe cl "HardwareEvents", wevtutil.exe cl "Microsoft-Windows-Backup" etc.)