Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 16a29314e8563135b18668036a6f63c8
 
  • Major Detection Name : a variant of Win32/Filecoder.PwndLocker.A (ESET), Trojan-Ransom.Win32.Pwnd.b (Kaspersky)
 
  • Encrypted File Pattern : .pwnd
 
  • Payment Instruction File : H0w_T0_Rec0very_Files.txt
 
  • Major Characteristics :
     - Offline Encryption
     - ProLock Ransomware series
     - Stop multi services (Acronis VSS Provider, AcronisAgent, Alerter, BackupExecAgentAccelerator, CSFalconService, McAfeeFramework etc.)
     - Disable system restore (vssadmin.exe delete shadows /all /quiet, vssadmin.exe resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=401MB, vssadmin.exe resize shadowstorage /for=<Drive Letter>: /on=<Drive Letter>: /maxsize=unbounded)

List

위로