Unlock92 Ransomware (.cdrpt) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 6d7d20995344fd91d82916b68f20f93d

Major Detection Name : Ransom.Enciphered (Norton), Ransom_CRYPZXAS.F117H4 (Trend Micro)

Encrypted File Pattern : .cdrpt

Malicious File Creation Location :
- C:\Users\%UserName%\Desktop\!!---HOW RESTORE YOUR FILES---!!.jpg
- C:\Users\%UserName%\Desktop\klc.eet
- C:\Users\%UserName%\Documents\!!---HOW RESTORE YOUR FILES---!!.jpg
- C:\Users\%UserName%\Documents\klc.eet

Payment Instruction File : !!---HOW RESTORE YOUR FILES---!!.jpg

Major Characteristics :
- Offline Encryption
- Kozy.Jozy / Naampa / Unlckr Ransomware series
- The Russian users targeted
- Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)