Amnesia Ransomware (<Random Filename>.onion) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 168ec5747fb3bf62aef3a3d36976aefd

Major Detection Name : Trojan.Ransom.Amnesia.A (BitDefender), Ransom_AMNESIA.D (Trend Micro)

Encrypted File Pattern : <Random Filename>.onion

Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\guide.exe

Payment Instruction File : HOW TO RECOVER ENCRYPTED FILES.TXT

Major Characteristics :
- Offline Encryption
- Disable system restore (vssadmin Delete Shadows /All /Quiet, vssadmin Delete Shadows /for=<Drive Letter>: /All, wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0, wmic SHADOWCOPY DELETE, bcdedit /set {default} recoveryenabled No)
- Disable Registry Editor (regedit.exe) and Task Manager (Taskmgr.exe)