Xorist-Frozen Ransomware (....PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED_PLEASE_BE_REZONABLE_you_have_only_1_single_chance_to_make_the_payment) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Mail attachment (.js)

MD5 : c0306554fda888e1006cf60b31dddd8c

Major Detection Name : Trojan/Win32.Xorist.R25524 (AhnLab V3), Ransom_XORIST.SMA (Trend Micro)

Encrypted File Pattern : .<Original Extension>....PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED_PLEASE_BE_REZONABLE_you_have_only_1_single_chance_to_make_the_payment

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
- C:\Users\%UserName%\AppData\Local\TempcNH67.eXe
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt

Payment Instruction File : HOW TO DECRYPT FILES.txt

Major Characteristics :
- Offline Encryption
- Xorist Ransomware series