CryptON Ransomware (.<Random Number>.ransomed@india.com) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Remote access through Remote Desktop Protocol(RDP) or Terminal Services

MD5 : 4f3ae7ca15fdd003d92541eff1369c97

Major Detection Name : Trojan.Ransom.Crypton (ALYac), a variant of Win32/GenKryptik.BZSO (ESET)

Encrypted File Pattern : .<Random Number>.ransomed@india.com

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\%UserName%
- C:\Users\%UserName%\AppData\Roaming\%UserName%\<%UserName%>_body.exe
- C:\Users\%UserName%\AppData\Roaming\%UserName%\HOWTODECRYPTFILES.html

Payment Instruction File : HOWTODECRYPTFILES.html

Major Characteristics :
- Cry9 / Cry36 / Cry128 / Losers / Nemesis / X3M Ransomware series
- Changes desktop background (C:\Users\%UserName%\AppData\Roaming\%UserName%\HXTORXRDQ3PMD7TPB.bmp)