Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Remote access through Remote Desktop Protocol(RDP) or Terminal Services
- MD5 : 60bed1c4463cec744c7f671fe1374c18
- Major Detection Name : Ransom:Win32/Phobos.PB!MTB (Microsoft), Ransom_Phobos.R002C0DJL20 (Trend Micro)
- Encrypted File Pattern : .[<Random>].[davidcastle@msgsafe.io].zes
- Malicious File Creation Location : C:\Users\%UserName%\Desktop\readme-warning.txt
- Payment Instruction File : readme-warning.txt
- Major Characteristics :
- Offline Encryption
- Block processes execution (agntsrvc.exe, dbsnmp.exe, mysqld-opt.exe, outlook.exe, sqlagent.exe, sqlbrowser.exe etc.)
- Disable system restore (vssadmin delete shadows /all /quiet, wbadmin delete catalog -quiet, wmic shadowcopy delete)