Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : 175418ae583cab2b0c9debc504f323d5
- Major Detection Name : DeepScan:Generic.Ransom.Ouroboros.C7DB7BDE (BitDefender), Ransom.Win32.OUROBOROS.SM (Trend Micro)
- Encrypted File Pattern : .[ID=<Random>][Mail=DecrypterSupport@protonmail.com].Lazarus
- Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Read-Me-Now.txt
- C:\ProgramData\info.txt
- C:\ProgramData\uiapp.exe
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Read-Me-Now.txt
- Payment Instruction File : Read-Me-Now.txt
- Major Characteristics :
- Offline Encryption
- Zeropadypt Ransomware series
- Block processes execution (msftesql.exe, mysqld.exe, mysqld-nt.exe, sqlagent.exe, sqlserver.exe, sqlwriter.exe etc.)
- Disable system restore (vssadmin delete shadows /all /y)