Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

NM4 Ransomware (.NMCRYPT)

  • Distribution Method : Remote access through Remote Desktop Protocol(RDP) or Terminal Services
 
  • MD5 : eb14e96402e409c974c3ad8087d1b669
 
  • Encrypted File Pattern : .NMCRYPT
 
  • Payment Instruction File : Recovers your files.html
 
  • Major Characteristics :
     - Offline Encryption
     - NMoreira / XPan Ransomware series
     - Block processes execution (fb_inet_server.exe, pg_ctl.exe, sqlservr.exe)
     - Stop multi services (%Exchange%, %Firebird%, %MSSQL%, %postgresql%, %SQL%, %wsbex% etc.)
     - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)
     - Deletes event log (wevtutil cl Application, wevtutil cl security, wevtutil cl setup, wevtutil cl system)

List

위로