- Distribution Method : Unknown
- MD5 : 0c4a84b66832a08dccc42b478d9d5e1b
- Major Detection Name : Ransomware/Win.Pandora.C5011109 (AhnLab V3), Trojan-Ransom.Win64.Pandora.a (Kaspersky)
- Encrypted File Pattern : .pandora
- Payment Instruction File : Restore_My_Files.txt
- Major Characteristics :
- Offline Encryption
- AstraLocker / Babuk Locker / ChiChi Locker / DARKY LOCK / Delta Plus / Rook Ransomware series
- Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
- Disable system restore (vssadmin.exe delete shadows /all /quiet)
List