- Distribution Method : Unknown
- MD5 : fb1cb205656a373e1f5e25840fe23c4d
- Major Detection Name : Win32:Ranzy-B [Ransom] (Avast), W32/RanzyLocker.437A!tr.ransom (Fortinet)
- Encrypted File Pattern : .ranzy
- Payment Instruction File : readme.txt
- Major Characteristics :
  - Offline encryption
  - Ako / ThunderX ransomware series
  - Blocks process execution (infopath.exe, mysqld.exe, outlook.exe, sqlwriter.exe, thunderbird.exe, visio.exe etc.)
  - Stops multiple services (MSSQLFDLauncher, MSSQLSERVER, SQLBrowser, SQLWriter, vmicheartbeat, vmickvpexchange etc.)
  - Disables system restore (wmic.exe SHADOWCOPY /nointeractive, vssadmin.exe Delete Shadows /All /Quiet, bcdedit.exe /set {default} recoveryenabled No)