Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : cf41961a1d3938368445e1d0d77c46c3
- Major Detection Name : a variant of Win32/Filecoder.FS (ESET), Trj/Ransom.M (Panda)
- Encrypted File Pattern : <Random Filename>.[byd@india.com].SON
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\svchost32.exe
- Payment Instruction File : HOW TO RECOVER ENCRYPTED FILES.TXT
- Major Characteristics :
- Disable system restore (vssadmin Delete Shadows /All /Quiet, bcdedit /set {default} recoveryenabled No)
- Changes desktop background (C:\Users\%UserName%\{3D7BFB00-447E-447E-52C0-5F21FE313BD9}.bmp)