- Distribution Method : Unknown
- MD5 : 70d5953b7cc23387ab23563220e83be4
- Major Detection Name : Trojan.Ransom.CryptoMix (ALYac), Win32/Filecoder.HydraCrypt.K (ESET)
- Encrypted File Pattern : <Random>-email-[webmafia@asia.com].AZER
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\<Random>.exe
- Payment Instruction File : _INTERESTING_INFORMACION_FOR_DECRYPT.TXT
- Major Characteristics :
  - Offline encryption (files are encrypted without first contacting a C2 server, so blocking network traffic does not prevent encryption)
  - Variant of the CryptoMix family (CryptFile2 / CryptoShield / Mole / Revenge / Zeta ransomware series)
  - Stops system services: sc stop BITS (Background Intelligent Transfer Service), sc stop ERSvc (Error Reporting Service), sc stop WerSvc (Windows Error Reporting), sc stop wscsvc (Security Center), sc stop wuauserv (Windows Update), sc stop WinDefend (Windows Defender)
  - Disables Windows recovery and deletes Volume Shadow Copies: bcdedit /set {default} bootstatuspolicy (value as observed in the sample), bcdedit /set {default} recoveryenabled No, vssadmin.exe Delete Shadows /All /Quiet (shadow copies cannot be recovered once this command has run)
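The indicators above can be turned into a small host-triage check. The following is an added example, not code from the original report: it matches the encrypted-file pattern, the ransom note name and the dropper location, and runs the listed service-stop, bcdedit and vssadmin command lines as detection logic over a few constructed process-creation log lines. Assumptions: the `<Random>` parts of the file and dropper names are treated as any run of characters without a path separator, and log lines carry the command line after a `CommandLine=` field (a simplified 4688 / Sysmon EID 1 layout); the sample log lines are constructed, not captured from an infection.

```python
"""Host-triage helper for the CryptoMix/AZER indicators listed above.

Added example, not code from the original report. Assumptions: <Random>
is treated as any run of non-separator characters, and log lines are
'...CommandLine=<cmd>' strings (simplified 4688 / Sysmon EID 1 layout).
"""
import hashlib
import re
from typing import Optional

IOC_MD5 = "70d5953b7cc23387ab23563220e83be4"
RANSOM_NOTE = "_INTERESTING_INFORMACION_FOR_DECRYPT.TXT"

# <Random>-email-[webmafia@asia.com].AZER (random part assumed to be any
# run of non-separator characters)
ENCRYPTED_NAME = re.compile(
    r"^[^\\/]+-email-\[webmafia@asia\.com\]\.AZER$", re.IGNORECASE)
# C:\Users\%UserName%\AppData\Roaming\<Random>.exe
DROPPER_PATH = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+\.exe$", re.IGNORECASE)

# Services the sample stops (lower-cased for comparison)
STOPPED_SERVICES = {"bits", "ersvc", "wersvc", "wscsvc", "wuauserv", "windefend"}

SC_STOP = re.compile(r"\bsc(?:\.exe)?\s+stop\s+(\S+)", re.IGNORECASE)
BCDEDIT_RECOVERY = re.compile(
    r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+(bootstatuspolicy|recoveryenabled)\b",
    re.IGNORECASE)
VSSADMIN_DELETE = re.compile(
    r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b.*?/all", re.IGNORECASE)


def is_known_sample(data: bytes) -> bool:
    """True if the MD5 of the given file contents equals the reported IOC hash."""
    return hashlib.md5(data).hexdigest() == IOC_MD5


def classify_path(path: str) -> Optional[str]:
    """Map a file path to an indicator category, or None if it matches nothing."""
    name = re.split(r"[\\/]", path)[-1]
    if name.upper() == RANSOM_NOTE:
        return "ransom_note"
    if ENCRYPTED_NAME.match(name):
        return "encrypted_file"
    if DROPPER_PATH.match(path):
        return "dropper_location"
    return None


def classify_command(cmd: str) -> list[str]:
    """Return every indicator tag found in one command line (chained commands
    such as 'sc stop BITS & sc stop WinDefend' yield several tags)."""
    tags = []
    for m in SC_STOP.finditer(cmd):
        svc = m.group(1).lower()
        if svc in STOPPED_SERVICES:
            tags.append(f"service_stop:{svc}")
    if VSSADMIN_DELETE.search(cmd):
        tags.append("shadow_copy_deletion")
    if BCDEDIT_RECOVERY.search(cmd):
        tags.append("recovery_disabled")
    return tags


def scan_log_lines(lines: list[str]) -> list[tuple[int, str]]:
    """Scan process-creation log lines; return (line_number, tag) pairs."""
    findings = []
    for n, line in enumerate(lines, 1):
        _, sep, cmd = line.partition("CommandLine=")
        if not sep:
            continue  # no command line recorded on this line
        for tag in classify_command(cmd.strip()):
            findings.append((n, tag))
    return findings


# Constructed sample log lines (not captured from a real infection)
SAMPLE_LOG = [
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\sc.exe CommandLine=sc stop BITS",
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\sc.exe CommandLine=sc stop WinDefend",
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\bcdedit.exe "
    "CommandLine=bcdedit /set {default} recoveryenabled No",
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\vssadmin.exe "
    "CommandLine=vssadmin.exe Delete Shadows /All /Quiet",
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\sc.exe CommandLine=sc query wuauserv",
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\notepad.exe",
]

if __name__ == "__main__":
    for n, tag in scan_log_lines(SAMPLE_LOG):
        print(f"line {n}: {tag}")
    for p in [r"C:\Users\alice\Documents\3F2A9C-email-[webmafia@asia.com].AZER",
              r"C:\Users\alice\AppData\Roaming\kx83hd.exe"]:
        print(p, "->", classify_path(p))
```

The dropper-location match is a weak indicator on its own, since some legitimate installers also place executables directly under Roaming; the service-stop and shadow-copy-deletion tags are the ones worth alerting on, and `vssadmin Delete Shadows` in particular should be treated as a high-severity event regardless of which family issued it.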