Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Ragnarok Ransomware (.ragnarok / !!ReadMe_To_Decrypt_My_Files.txt)

  • Distribution Method : CVE-2019-19781
  • MD5 : 48452dd2506831d0b340e45b08799623
  • Major Detection Name : a variant of Win32/Filecoder.Ragnarok.A (ESET), Ransom.Win32.RAGNAROK.A (Trend Micro)
  • Encrypted File Pattern : .ragnarok
  • Payment Instruction File : !!ReadMe_To_Decrypt_My_Files.txt
  • Major Characteristics :
     - Offline Encryption
     - Disable Windows Defender (DisableAntiSpyware, DisableRealtimeMonitoring, DisableBehaviorMonitoring, DisableOnAccessProtection)
     - Turns off Windows Firewall (netsh advfirewall set allprofiles state off)
     - Block processes execution (excel, note, powerpnt, sql, winword)
     - Disable system restore (vssadmin delete shadows /all /quiet, bcdedit /set {current} bootstatuspolicy ignoreallfailures, bcdedit /set {current} recoveryenabled no)