Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : 8792587ae79817109a39bf5f0b67ec93
- Major Detection Name : Generic.Ransom.Hiddentear.A.59E0123B (BitDefender), Ransom.HiddenTear (Malwarebytes)
- Encrypted File Pattern : .gоod
- Malicious File Creation Location :
- C:\Windows\System32\info.hta
- C:\Windows\System32\pubby.txt
- C:\Windows\System32\sec.txt
- Payment Instruction File : HOW_TO_RECOVER_FILES.txt / info.hta
- Major Characteristics :
- Offline Encryption
- EDA2 open source based ransomware
- Block processes execution (msftesql, mysqld, oracle, postgres, sqlservr, sqlwriter etc.)
- Disable system restore (wmic SHADOWCOPY DELETE, vssadmin Delete Shadows /All /Quiet)