Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Non Ransomware (.non)

  • Distribution Method : Installation via DanaBot malware
  • MD5 : e48067d2ad6adcbf2e4cf7e705d4bd82
  • Major Detection Name : Trojan:Win32/Danabot.K (Microsoft), Ransom_CryFile.R03FC0WDU19 (Trend Micro)
  • Encrypted File Pattern : .non
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\b.bat
     - C:\Users\%UserName%\AppData\Local\Temp\svchost.exe
  • Payment Instruction File : HowToBackFiles.txt
  • Major Characteristics :
     - Offline Encryption
     - Blitzkrieg Ransomware series
     - Disable Windows Defender (DisableAntiSpyware)
     - Stop multi services (mssqlfdlauncher, mssqlserver, mysql, sqlwriter, TeamViewer, wuauserv etc.)
     - Block processes execution (armsvc.exe, IAStorDataMgrSvc.exe, isa.exe, jusched.exe, tv_x64.exe, Veam.EndPoint.Tray.exe etc.)
     - Disable system restore (Disable-ComputerRestore "<Drive Letter>:\", vssadmin delete shadows /all)
     - Deletes event log (Clear-EventLog "Windows PowerShell")
     - Empty the trash (Clear-RecycleBin -Confirm:$false)