Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

ShellLocker Ransomware (<Random Filename>.L0cked / #TEAM-UINA Version)

  • Distribution Method : Unknown
  • MD5 : 48b042805973cd16d38134e49ce2d75f
  • Major Detection Name : a variant of MSIL/Filecoder.BQ (ESET), Ransom-VB!48B042805973 (McAfee)
  • Encrypted File Pattern : <Random Filename>.L0cked
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
  • Major Characteristics :
     - Offline Encryption
     - Exotic Ransomware series
     - Generate a lock screen when encrypting files
     - Block processes execution (CCleaner64, msconfig, procexp, procexp64, regedit, taskmgr)
     - Changes desktop background