- Distribution Method : Unknown
- MD5 : 08945d816ef948fa28ecbf0791ccb061
- Major Detection Name : Generic.Ransom.Mole.A9DB3B71 (BitDefender), Ransom_WYVERN.A (Trend Micro)
- Encrypted File Pattern : .[decryptor@cock.li].dcrtr
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\msshost.exe
- Payment Instruction File : ReadMe_Decryptor.txt
- Major Characteristics :
  - Offline encryption
  - Stops system services (sc stop BITS, sc stop ERSvc, sc stop WerSvc, sc stop WinDefend, sc stop wscsvc, sc stop wuauserv)
  - Disables system restore (bcdedit /set {default} bootstatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled No, vssadmin delete shadows /all /quiet, wbadmin delete catalog -quiet, wmic shadowcopy delete)
  - Blocks execution of processes (Microsoft.Exchange.*, MSExchange*, sqlserver.exe, sqlwriter.exe)
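The service-stop and recovery-disabling commands listed above are exactly the kind of process-creation events a defender can alert on. The following is an added detection example (not part of the original profile) that parses constructed process-creation log lines in a simplified, Sysmon-like key=value layout and flags the command patterns and the msshost.exe drop path from this profile; the log format and timestamps are assumptions.

```python
import re

# Constructed sample log lines (process-creation events), not real telemetry.
SAMPLE_LOG = """\
2024-01-01T10:00:01 Image=C:\\Users\\alice\\AppData\\Roaming\\msshost.exe CommandLine="C:\\Users\\alice\\AppData\\Roaming\\msshost.exe"
2024-01-01T10:00:02 Image=C:\\Windows\\System32\\sc.exe CommandLine="sc stop WinDefend"
2024-01-01T10:00:02 Image=C:\\Windows\\System32\\sc.exe CommandLine="sc stop wuauserv"
2024-01-01T10:00:03 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet"
2024-01-01T10:00:03 Image=C:\\Windows\\System32\\bcdedit.exe CommandLine="bcdedit /set {default} recoveryenabled No"
2024-01-01T10:00:04 Image=C:\\Windows\\System32\\wbadmin.exe CommandLine="wbadmin delete catalog -quiet"
2024-01-01T10:00:05 Image=C:\\Windows\\System32\\wbem\\WMIC.exe CommandLine="wmic shadowcopy delete"
2024-01-01T10:01:00 Image=C:\\Windows\\System32\\sc.exe CommandLine="sc query wuauserv"
"""

# Each rule is (name, regex) applied to "<Image> <CommandLine>" of one event.
# The patterns come from the behaviours listed in the profile above.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin\s+delete\s+shadows|wmic\s+shadowcopy\s+delete|wbadmin\s+delete\s+catalog", re.I)),
    ("recovery_disabled",
     re.compile(r"bcdedit\s+/set\s+\{default\}\s+(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("security_service_stop",
     re.compile(r"\bsc\s+stop\s+(BITS|ERSvc|WerSvc|WinDefend|wscsvc|wuauserv)\b", re.I)),
    ("roaming_dropper_exec",
     re.compile(r"\\AppData\\Roaming\\msshost\.exe", re.I)),
]

LINE_RE = re.compile(r'^(?P<ts>\S+)\s+Image=(?P<image>\S+)\s+CommandLine="(?P<cmd>[^"]*)"')

def parse_line(line):
    """Return a dict with ts/image/cmd, or None if the line is not an event."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def match_rules(event):
    """Names of all rules that fire on a single parsed event."""
    text = event["image"] + " " + event["cmd"]
    return [name for name, rx in RULES if rx.search(text)]

def scan(log_text):
    """Scan every line and return (timestamp, rule_name, command) hits."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for name in match_rules(ev):
            hits.append((ev["ts"], name, ev["cmd"]))
    return hits

def is_ransomware_pattern(hits, min_distinct=3):
    """High-severity only when several distinct tactics co-occur (a lone 'sc stop' is common admin noise)."""
    return len({name for _, name, _ in hits}) >= min_distinct
```

A single shadow-copy deletion can be legitimate backup maintenance, so the final check requires several distinct behaviours from the profile before escalating.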