Philadelphia Ransomware (<Random Filename>.locked / How to recover my files.txt) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 950e2576e29d4770e2246e1e512d812c

Major Detection Name : Trojan.Ransom.Philadelphia.D (BitDefender), Win32/Filecoder.Philadelphia.E (ESET)

Encrypted File Pattern : <Random Filename>.locked

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\delph1.bin
- C:\Users\%UserName%\AppData\Local\Temp\delph1.dat
- C:\Users\%UserName%\AppData\Local\Temp\pd4ta.bin
- C:\Users\%UserName%\AppData\Local\Temp\pd4ta.dat
- C:\Users\%UserName%\AppData\Roaming\Isass.exe

Payment Instruction File : How to recover my files.txt

Major Characteristics :
- Stampado / Zelta Ransomware series
- AutoIT scripts based Ransomware