Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : a5ed2935a9f85c279fce7dde74252434
- Major Detection Name : Ransom.HiddenTear (Malwarebytes), Ransom_RAMSIL.SM (Trend Micro)
- Encrypted File Pattern : <Original Filename>.Lost_Files_Encrypt
- Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
- C:\Users\%UserName%\Documents\Test_Folder
- C:\Users\%UserName%\Documents\Test_Folder\Resources
- C:\Users\%UserName%\Documents\Test_Folder\Resources\32BitRun.exe
- C:\Users\%UserName%\Documents\Test_Folder\Resources\Installer_exe.exe
- C:\Users\%UserName%\Documents\Test_Folder\Resources\SecurityUpdater.exe.exe
- C:\Users\%UserName%\Documents\Test_Folder\Resources\ShortCutVBS.vbs
- C:\Users\%UserName%\Documents\Test_Folder\Resources\Temp_Test.tester
- C:\Users\%UserName%\Documents\Test_Folder\Resources\Windows.LNK
- C:\Users\%UserName%\Documents\Test_Folder\Windows Security Scanner.exe
- Payment Instruction File : Ransomware Lost Files Message.txt
- Major Characteristics :
- Offline Encryption
- Wiper method
- Create a fake "Windows Security Scanner" installation