- Distribution Method : Unknown
- MD5 : 0f743287c9911b4b1c726c7c7edcaf7d
- Major Detection Name : Ransom-Anabelle!0F743287C991 (McAfee), Ransom_LEBANA.THBBBAH (Trend Micro)
- Encrypted File Pattern : .ANNABELLE
- Major Characteristics :
  - Offline Encryption
  - Stupid Ransomware series
  - After encryption completes, Windows reboots automatically (shutdown.exe -r -f -t 0) and launches a Screen Lock message
  - Blocks execution of system processes (cmd.exe, gpedit.msc, msconfig.exe, taskmgr.exe, etc.) by adding registry values related to Image File Execution Options
  - Disables system restore by deleting volume shadow copies (vssadmin delete shadows /all /quiet)
  - Turns off Windows Firewall (NetSh Advfirewall set allprofiles state off)
  - Turns off User Account Control (UAC)
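
The behaviours listed above are usable as host-detection signals. The following added example (not part of the original profile or of any vendor's tooling) tags them in process and registry telemetry and flags hosts that show several at once. The event layout, host names and three-tag threshold are assumptions, the sample events are constructed, and the Image File Execution Options key path is the standard Windows location, which the page itself does not spell out. The UAC change is left out because the page does not say how it is made.

```python
import re

# System tools the page lists as blocked via Image File Execution Options (IFEO).
IFEO_TARGETS = {"cmd.exe", "gpedit.msc", "msconfig.exe", "taskmgr.exe"}
# Matches the last component of a key under IFEO (standard Windows location, assumed).
IFEO_KEY = re.compile(r"\\image file execution options\\([^\\]+)$", re.I)

def classify_process(cmdline):
    """Tag a command line that matches one of the commands listed in the profile."""
    tokens = cmdline.lower().replace('"', "").split()
    if not tokens:
        return None
    exe = tokens[0].rsplit("\\", 1)[-1]            # drop any directory prefix
    exe = exe[:-4] if exe.endswith(".exe") else exe
    args = [t.lstrip("-/") for t in tokens[1:]]    # accept -r and /r alike
    if exe == "shutdown" and {"r", "f"} <= set(args):
        return "forced_reboot"
    if exe == "vssadmin" and args[:2] == ["delete", "shadows"]:
        return "shadow_copy_delete"
    if exe == "netsh" and "advfirewall" in args and "state off" in " ".join(args):
        return "firewall_off"
    return None

def classify_registry(key_path):
    """Tag a registry write that creates an IFEO entry for a listed system tool."""
    m = IFEO_KEY.search(key_path)
    if m and m.group(1).lower() in IFEO_TARGETS:
        return "ifeo_block:" + m.group(1).lower()
    return None

def suspect_hosts(events, min_tags=3):
    """Return hosts showing at least min_tags distinct behaviours (threshold assumed)."""
    seen = {}
    for host, kind, data in events:
        tag = classify_process(data) if kind == "process" else classify_registry(data)
        if tag:
            seen.setdefault(host, set()).add(tag)
    return sorted(h for h, tags in seen.items() if len(tags) >= min_tags)

# Constructed sample telemetry: (host, event kind, command line or registry key).
IFEO_ROOT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
SAMPLE_EVENTS = [
    ("WS01", "process", "vssadmin delete shadows /all /quiet"),
    ("WS01", "process", "NetSh Advfirewall set allprofiles state off"),
    ("WS01", "registry", IFEO_ROOT + r"\taskmgr.exe"),
    ("WS01", "process", r"C:\Windows\System32\shutdown.exe -r -f -t 0"),
    ("WS02", "process", "shutdown /s /t 60"),           # ordinary shutdown, no tag
    ("WS02", "registry", IFEO_ROOT + r"\notepad.exe"),  # not a listed target
]
```

Any single tag also appears in legitimate administration, so the correlation across tags on one host is what carries the signal.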