Carlos Ransomware (.[<Random>].[vassago0225@airmail.cc].usagoo) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Mail attachment file

MD5 : 25700dce3a33c6a0ab9027c63ce2ef81

Encrypted File Pattern : .[<Random>].[vassago0225@airmail.cc].usagoo

Malicious File Creation Location :
- <Drive Letter>:\YOUR_FILES_ARE_ENCRYPTED
- <Drive Letter>:\YOUR_FILES_ARE_ENCRYPTED\readme-warning.txt

Payment Instruction File : readme-warning.txt

Major Characteristics :
- Offline Encryption
- Block processes execution (agntsrvc.exe, isqlplussvc.exe, msftesql.exe, sqlagent.exe, ocautoupds.exe, thebat64.exe etc.)
- Disable system restore (vssadmin delete shadows /all /quiet, wbadmin delete catalog -quiet, wmic shadowcopy delete)