Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : e64dbe09fc1805177d9058a40807e128
- Major Detection Name : Ransom:Win32/Genasom (Microsoft), Ransom_LERITH.I (Trend Micro)
- Encrypted File Pattern : <Original Filename>.AdolfHitler
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\_Adolf Hitler_.mp3
- Payment Instruction File : _Adolf Hitler_.bmp / _Adolf Hitler_.mp3
- Major Characteristics :
- Offline Encryption
- The German users targeted
- Disable Task Manager (Taskmgr.exe)
- Disable system restore (vssadmin delete shadow /all /quiet, wmic shadowcopy delete, bcdedit /set {default} boostatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin delete catalog -quiet)
- Disable the User Account Control (UAC)
- Play background music on file encryption
- Changes desktop background (C:\Windows\戮충교쒼暠튬.bmp)