Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Waldo Ransomware (<Original Filename>.<Original Extension> / READ_ME.txt / Version Korean)

  • Distribution Method : Disguised as a crack file
 
  • MD5 : 31c45ab3f79dec6a0f8ca63326b1a2f6
 
  • Major Detection Name : Trojan.Ransom.Waldo (ALYac), Trojan.Win64.S.Waldo.23751730 (ViRobot)
 
  • Encrypted File Pattern : <Original Filename>.<Original Extension>
 
  • Malicious File Creation Location : C:\Users\%UserName%\Desktop\READ_ME.txt
 
  • Payment Instruction File : READ_ME.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Persephone Ransomware series
     - The Korean users targeted.
     - Data corruption method

List

위로