- Distribution method : Mail attachment
- MD5 : 0238be91c761efbecdfae656c2de2ecf
- Major detection names : Trojan.Ransom.Gryphon (ALYac), Ransom.Locky (Norton)
- Encrypted file pattern : .[cr7icbfqm64hixta.onion].gryphon
- Malicious file creation location : C:\Users\%UserName%\AppData\Roaming\HELP.txt
- Payment instruction files : !## DECRYPT FILES ##!.txt / HELP.txt
- Major characteristics :
  - Offline encryption (no C2 contact is required to encrypt files)
  - Belongs to the BTCWare / Crptxxx / Master ransomware series
  - Disables system recovery by deleting volume shadow copies and turning off Windows recovery (vssadmin.exe Delete Shadows /All /Quiet, bcdedit.exe /set {default} recoveryenabled No, bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures)