Magniber Ransomware (.<7~9 Digit English Small Letter Random Extension> / README.html / Version .msi + Multi Process) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Downloading a fake Windows update file (.msi)

MD5 : cb655593b429f377974de6a7ae9385a9

Encrypted File Pattern : .<7~9 Digit English Small Letter Random Extension>

Malicious File Creation Location : C:\Windows\Installer\<Random>.msi

Payment Instruction File : README.html

Major Characteristics :
- Offline Encryption
- Encrypting files through code injection into various running processes (Explorer.exe / RuntimeBroker.exe / svchost.exe etc.)
- Disable system restore (vssadmin.exe Delete Shadows /all /quiet, wbadmin.exe delete catalog -quiet, wbadmin.exe delete systemstatebackup -quiet, bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures, bcdedit.exe /set {default} recoveryenabled no)