Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Automatic infection using exploit by visiting website
- MD5 : e2bb1b0c5bba9ac4be20fb71051b965d
- Major Detection Name : Win-Trojan/RansomCrypt.Exp (AhnLab V3)
- Encrypted File Pattern : .CRAB
- Malicious File Creation Location : C:\Users\Public\<Random>.exe
- Payment Instruction File : CRAB-DECRYPT.txt
- Major Characteristics :
- File encryption using svchost.exe system file
- Block processes execution (msftesql.exe, oracle.exe, sqlagent.exe, sqlbrowser.exe, sqlservr.exe, sqlwriter.exe etc.)
- Automatically reboot Windows after file encryption is complete