Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Automatic infection using exploit by visiting website
 
  • MD5 : 4ee7d1d370463b47df1371950e54d1dc
 
  • Encrypted File Pattern : .lockbit
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
     - C:\Users\%UserName%\Desktop\LockBit-note.hta
 
  • Payment Instruction File : LockBit-note.hta / Restore-My-Files.txt
 
  • Major Characteristics :
     - Offline Encryption
     - EFI System Partition (Y:\) and Recovery Partition (Z:\) drives are activate.
     - Block processes execution (AdobeCollabSync, httpd, mysqld, sqlmangr, supervise, winword etc.)
     - Stop multi services (AcronisAgent, BackupExecVSSProvider, sophos, SQLAgent$VEEAMSQL2012, SQLWriter, YooBackup etc.)
     - Disable system restore (vssadmin delete shadows /all /quiet, wmic shadowcopy delete, bcdedit /set {default} bootstatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin delete catalog -quiet)
     - Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp.bmp)

List

위로