- Distribution Method : Unknown
- MD5 : d3686a0c5829c91c24191d70fab4fe0a
- Major Detection Name : Ransom.WormLocker (Malwarebytes), Ransom:MSIL/WormLocker.DA!MTB (Microsoft)
- Encrypted File Pattern : <Original Filename>.<Original Extension>
- Malicious File Creation Location :
  - C:\Windows\System32\LogonUI.exe
  - C:\Windows\System32\LogonUIinf.exe
  - C:\Windows\System32\LogonUItrue.exe
  - C:\Windows\System32\ransom_voice.vbs
  - C:\Windows\System32\WormLocker2.0.exe
- Major Characteristics :
  - Offline encryption
  - Creates a lock screen message at Windows startup/shutdown by changing the "C:\Windows\System32\LogonUI.exe" file
  - Disables and blocks Task Manager (DisableTaskMgr)
  - Encryption guide using the Text-to-Speech (TTS) function