
  • Distribution Method : Remote access through Remote Desktop Protocol (RDP) or Terminal Services
 
  • MD5 : 20c2d13d8a19d5564ac4f2555803ffb0
 
  • Encrypted File Pattern : .oppo
 
  • Malicious File Creation Location :
     - C:\Windows\testsrvsmb.exe
     - C:\testsrvsmb.exe
 
  • Payment Instruction File : HOW TO BACK YOUR FILES.txt / HOW TO RECOVER !!.TXT
 
  • Major Characteristics :
     - Offline Encryption
     - Mallox Ransomware series
     - Disable Raccine ransomware protection
     - Block process execution (fdlauncher.exe, MsDtsSrvr.exe, mysql.exe, oracle.exe, ReportingServecesService.exe, sqlwriter.exe etc.)
     - Disable system restore (vssadmin.exe delete shadows /all /quiet, bcdedit /set {current} bootstatuspolicy ignoreallfailures, bcdedit /set {current} recoveryenabled no)
     - Add testsrvsmb service registration value (C:\Windows\testsrvsmb.exe)
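
The recovery-disabling commands and the testsrvsmb.exe paths listed above can be matched against process-creation logs (the command-line field that Windows Security event 4688 or Sysmon event 1 records). The following Python is an added example, not part of the original page or of AppCheck; the record fields, host names and rule names are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Patterns built from the commands and paths listed above.
# The rule names are this example's own labels.
RULES = {
    "shadow_copies_deleted": re.compile(
        r'\bvssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I),
    "boot_failures_ignored": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+\{current\}\s+bootstatuspolicy\s+ignoreallfailures\b', re.I),
    "recovery_disabled": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+\{current\}\s+recoveryenabled\s+no\b', re.I),
    "testsrvsmb_binary": re.compile(
        r'\bc:\\(?:windows\\)?testsrvsmb\.exe\b', re.I),
}

def match_command_line(command_line):
    """Return the names of every rule the command line triggers."""
    return [name for name, rx in RULES.items() if rx.search(command_line)]

def triage(events, threshold=2):
    """Collect hits per host; report hosts with at least `threshold` distinct rules."""
    hits = defaultdict(set)
    for ev in events:
        hits[ev["host"]].update(match_command_line(ev["command_line"]))
    return {host: sorted(rules) for host, rules in hits.items() if len(rules) >= threshold}

# Constructed sample records (hypothetical hosts), not real telemetry.
SAMPLE_EVENTS = [
    {"host": "SQL01", "command_line": r'C:\Windows\testsrvsmb.exe'},
    {"host": "SQL01", "command_line": r'"C:\Windows\System32\vssadmin.exe"  Delete Shadows /all /quiet'},
    {"host": "SQL01", "command_line": r'bcdedit /set {current} recoveryenabled No'},
    {"host": "WS07", "command_line": r'vssadmin list shadows'},   # benign query, no rule fires
    {"host": "WS07", "command_line": r'bcdedit /enum {current}'}, # benign query, no rule fires
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

Requiring two or more distinct rules per host keeps a lone administrative `vssadmin` or `bcdedit` call from raising an alert on its own.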
