JSWorm v4.0.1 Ransomware (.[ID-<Random>][RansomwareRecoveryExperts@tutanota.c].JSWORM) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 06cad770e2077a5b7f50c3280d2667c8

Major Detection Name : Gen:Heur.Ransom.Imps.1 (BitDefender), Ransom.JSWorm (Malwarebytes)

Encrypted File Pattern : .[ID-<Random>][RansomwareRecoveryExperts@tutanota.c].JSWORM

Malicious File Creation Location :
- C:\ProgramData\JSWORM-DECRYPT.txt
- C:\ProgramData\key.<Random>.JSWORM
- C:\ProgramData\user_data.<Random>.JSWORM

Payment Instruction File : JSWORM-DECRYPT.txt

Major Characteristics :
- Offline Encryption
- Disable system restore (vssadmin.exe delete shadows /all /quiet)