Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Evil Locker Ransomware (.[evil@cock.lu].EVIL)

  • Distribution Method : Unknown
 
  • MD5 : 54ef8e14e8e1dc5a047c546333e60658
 
  • Major Detection Name : Generic.Ransom.Everbe.0072E1A0 (BitDefender), Ransom_LEVILOCK.THGAOAH (Trend Micro)
 
  • Encrypted File Pattern : .[evil@cock.lu].EVIL
 
  • Payment Instruction File : !_HOW_RECOVERY_FILES_!.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Embrace / Everbe / PainLocker Ransomware series
     - Block processes execution (excel.exe, fdhost.exe, mspub.exe, mysqld-nt.exe, sqlagent.exe, thebat64.exe etc.)
     - Deletes multi services (MSSQLFDLauncher, ReportServer, SQLSERVERAGENT, SSISTELEMETRY130, storflt, vmickvpexchange etc.)
     - Disable system restore (vssadmin delete shadows /all /quiet)

List

위로