Jigsaw Ransomware (.<Original Extension> Contact onlineservices1@usa.com Hacked by Z3b1 your ID [MI0985547KE] .locked) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 111963c3b0430a46c0fea99eeeafbfc7

Major Detection Name : Trojan/Win32.RL_Jigsaw.C3527835 (AhnLab V3), Ransom:MSIL/JigsawLocker.A (Microsoft)

Encrypted File Pattern : .<Original Extension> Contact onlineservices1@usa.com Hacked by Z3b1 your ID [MI0985547KE] .locked

Malicious File Creation Location :
- C:\Users\%UserName%\\AppData\Roaming\Frfx
- C:\Users\%UserName%\\AppData\Roaming\Frfx\firefox.exe
- C:\Windows\System32\Explrer
- C:\Windows\System32\Explrer\explorer.exe
- C:\Windows\System32\System32Work
- C:\Windows\System32\System32Work\Address.txt
- C:\Windows\System32\System32Work\dr
- C:\Windows\System32\System32Work\EncryptedFileList.txt

Major Characteristics :
- Offline Encryption
- Ramsey Ransomware series
- Create a fake ".NET Framework Initialization Error" message
- Automatically delete encrypted files every hour.