Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Mail attachment (.js)
- MD5 : 4017e6ee50c43773aa21c893d84ad5b4
- Major Detection Name : Ransom/W32.Purgen.265296 (nProtect), Ransom.GlobeImposter (Norton)
- Encrypted File Pattern : .crypt
- Malicious File Creation Location : C:\Users\Public\<Random>.exe
- Payment Instruction File : !back_files!.html
- Major Characteristics :
- Offline Encryption
- Fake Globe / PSCrypt Ransomware series
- Use a valid "Media Lid" Digital Signatures
- Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)