- Distribution Method : Unknown
- MD5 : c3294c90474063dfb0d28ef8a693a6cb
- Major Detection Name : a variant of Win32/Filecoder.HydraCrypt.L (ESET), Ransom_CRYPTOMIX.I (Trend Micro)
- Encrypted File Pattern : <Random Filename>.MOLE66
- Malicious File Creation Location : C:\ProgramData\<Random>.exe
- Payment Instruction File : _HELP_INSTRUCTIONS_.TXT
- Major Characteristics :
  - Offline Encryption
  - CryptFile2 / CryptoMix / CryptoShield / HydraCrypt / Revenge / Zeta Ransomware series
  - Stop system services (sc stop VVS)
  - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet, bcdedit /set {default} recoveryenabled No, bcdedit /set {default} bootstatuspolicy ignoreallfailures)
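The service-stop and recovery-disabling commands listed above are the most detectable part of this family's behaviour, because they show up as ordinary process-creation events before or during encryption. The following is an added example, not code from the page or from any vendor report: it scans a constructed, sysmon-style CSV export of process-creation events (pid, image path, command line; the format and the sample lines are assumptions) for the exact command patterns named above, and raises the confidence when several of them originate from the same executable under C:\ProgramData.

```python
import re

# Constructed sample log (not from the page). Format assumed: "pid,image,command_line".
SAMPLE_LOG = """\
4120,C:\\ProgramData\\a1b2c3.exe,vssadmin.exe Delete Shadows /All /Quiet
4121,C:\\ProgramData\\a1b2c3.exe,bcdedit /set {default} recoveryenabled No
4122,C:\\ProgramData\\a1b2c3.exe,bcdedit /set {default} bootstatuspolicy ignoreallfailures
4123,C:\\ProgramData\\a1b2c3.exe,sc stop VVS
5000,C:\\Windows\\System32\\svchost.exe,svchost.exe -k netsvcs
5001,C:\\Windows\\System32\\cmd.exe,vssadmin list shadows
"""

# One rule per command pattern listed on the page. Case-insensitive so that
# "Delete Shadows" and "delete shadows" both match; "vssadmin list shadows"
# (a benign administrative command) is deliberately not matched.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("recovery_disabled",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I)),
    ("bootstatus_ignore",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("service_stop",
     re.compile(r"\bsc(\.exe)?\s+stop\s+\S+", re.I)),
]

# Dropper location given on the page: C:\ProgramData\<Random>.exe
PROGRAMDATA_EXE = re.compile(r"^c:\\programdata\\[^\\]+\.exe$", re.I)


def parse_line(raw):
    """Split one CSV log line into (pid, image, command_line)."""
    pid, image, cmd = raw.split(",", 2)
    return int(pid), image, cmd


def scan_process_log(log_text):
    """Return one finding dict per (event, rule) match."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        pid, image, cmd = parse_line(raw)
        for name, pattern in RULES:
            if pattern.search(cmd):
                findings.append({
                    "pid": pid,
                    "image": image,
                    "rule": name,
                    "command_line": cmd,
                    "image_in_programdata": bool(PROGRAMDATA_EXE.match(image)),
                })
    return findings


def rules_by_image(findings):
    """Group matched rule names by the image that ran the command."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["image"], set()).add(f["rule"])
    return grouped


def high_confidence_images(findings, min_rules=2):
    """Images that triggered at least `min_rules` distinct rules.

    A single "sc stop" or "vssadmin delete shadows" can be legitimate
    administration; several of these from one binary within the same
    export is the ransomware pre-encryption pattern described on the page.
    """
    return sorted(img for img, rules in rules_by_image(findings).items()
                  if len(rules) >= min_rules)


if __name__ == "__main__":
    hits = scan_process_log(SAMPLE_LOG)
    for h in hits:
        flag = " [ProgramData]" if h["image_in_programdata"] else ""
        print(f"pid {h['pid']} {h['rule']}{flag}: {h['command_line']}")
    print("high-confidence images:", high_confidence_images(hits))
```

The grouping step is what keeps the false-positive rate sane: each pattern alone is noisy on administrator workstations, but the combination of shadow-copy deletion, boot-recovery changes and a service stop from one unsigned binary in C:\ProgramData is worth an alert on its own.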