VashSorena v2 Ransomware (.Id-<Random>.[filerestory@gmail.com].Crypto) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 9562059383c373900c991d03f3c80b97

Major Detection Name : Gen:Variant.Ransom.Sorena.1 (BitDefender), Trojan-Ransom.Win32.Sorena.p (Kaspersky)

Encrypted File Pattern : .Id-<Random>.[filerestory@gmail.com].Crypto

Payment Instruction File : Unlock_Files.txt

Major Characteristics :
- Offline Encryption
- Block processes execution (sqlceip.exe, sqlservr.exe, sqlwriter.exe)
- Stop MSSQL$SQLEXPRESS service
- Delete directories within a specific folder (C:\Users\Default\AppData, C:\Users\%UserName%\AppData, C:\Users\Public\AppData)
- Empty the trash (rmdir <Drive Letter>:\$Recycle.Bin /s /q)