RickRoll Locker Ransomware (.cryptoid) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 1403b5704defee8949e82077638b9181

Major Detection Name : W32/Crypren.AEZU!tr.ransom (Fortinet), Ransom_Crypren.R002C0OA919 (Trend Micro)

Encrypted File Pattern : .cryptoid

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CRYPTOID_BLOCKED.txt
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CRYPTOID_HELP.txt
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CRYPTOID_MESSAGE.txt
- C:\Users\%UserName%\AppData\Roaming\000000000.key

Payment Instruction File : CRYPTOID_BLOCKED.txt / CRYPTOID_HELP.txt / CRYPTOID_MESSAGE.txt

Major Characteristics :
- Offline Encryption
- Aurora Ransomware series