Cryakl Ransomware (email-komar@tuta.io.ver-CL 1.5.1.0.id-<Random>-<Random>.fname-<Original Filename>.<Original Extension>.doubleoffset) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 15b823576b8c09046d1b66d43e65690a

Major Detection Name : Generic.Ransom.Cryak.B1176E72 (BitDefender), Ransom:Win32/Cryakl.A (Microsoft)

Encrypted File Pattern : email-komar@tuta.io.ver-CL 1.5.1.0.id-<Random>-<Random>.fname-<Original Filename>.<Original Extension>.doubleoffset

Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe

Payment Instruction File : README.txt

Major Characteristics :
- Offline Encryption
- Neutralizes system recovery by adding to task schedular: VssDataRestore, which executes command vssadmin delete shadows /all /quiet