- Distribution Method : Unknown
- MD5 : b278d7ec3681df16a541cf9e34d3b70a
- Major Detection Name : Ransomware/Win.DarkSide.R427805 (AhnLab V3), Win32/Filecoder.DarkSide.A (ESET)
- Encrypted File Pattern : .<8-Digit Random Extension>
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\<Encryption Extension>.ico
- Payment Instruction File : README.<Encryption Extension>.TXT
- Major Characteristics :
  - Offline encryption (no C2 connection required to encrypt)
  - Uses an "RHM Ltd" digital signature
  - Performs file encryption through the system file "C:\Windows\SysWOW64\cmd.exe"
  - Disables system restore by deleting shadow copies (Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();})
  - Changes the icon of encrypted files (.<8-Digit Random Extension>) via the registry (HKEY_CLASSES_ROOT\95112f33\DefaultIcon)
  - Changes the desktop background (C:\ProgramData\<Encryption Extension>.BMP)