映像
様々なランサムウェアに対応するAppCheckの事前防御、自動復旧およびリアルタイムバックアップ機能を映像でご確認いただけます。
- Distribution Method : Unknown
- MD5 : 84fd701f2766bbc17790b38fabb06231
- Major Detection Name : TR/Ransom.HDMR.A (Avira), Ransom.BinADS (Malwarebytes)
- Encrypted File Pattern : .hdmr
- Malicious File Creation Location : C:\Users\Public\Documents\1.bat
- Payment Instruction File : ReadMeAndContact.txt
- Major Characteristics :
- Offline Encryption
- Block processes execution (backup*, encsvc*, excel*, sql*, xchange*, zoolz* etc.)
- Stop multi services (acronis*, exchange*, msdts*, pdvf*, pop3*, xchange* etc.)
- Disable system restore (vssadmin Delete Shadows /all /quiet, vssadmin resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=401MB, vssadmin resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=unbounded)
- Delete backup files (*.bac, *.bak, *.bkf, *.dsk, *.set, *.VHD, *.wbcat, *.win, Backup*.*, backup*.*)