  • Distribution Method : Unknown
 
  • MD5 : 8cd8d46cd6c7e336d2baa2f78d8d0ab4
 
  • Major Detection Name : a variant of MSIL/Filecoder.Zenis.B (ESET), Ransom:MSIL/Zenizozorypt.A (Microsoft)
 
  • Encrypted File Pattern : Zenis-<2 Digits Random>.<Random>
 
  • Payment Instruction File : Zenis-Instructions.html
 
  • Major Characteristics :
         - Offline encryption
         - BlackRuby / InfiniteTear / WhiteRose Ransomware series
         - Blocks process execution (backup, regedit, sql, taskmgr)
         - Deletes files with backup extensions (.bak, .bak2, .bak3, .bff, .bkf, .bkp, .bkup, .bup, .edb, .ful, .obk, .old, .qic, .rbk, .sqb, .stm, .tibkp, .trn, .v2i, .w01, .wbb, .win)
         - Disables system restore (Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures, Bcdedit.exe /set {default} recoveryenabled no, vssadmin.exe delete shadows /all /Quiet, WMIC.exe shadowcopy delete)
         - Deletes event logs (wevtutil.exe cl Application, wevtutil.exe cl Security, wevtutil.exe cl System)
