Enigma Ransomware (.enigma / enigma.hta + enigma_encr.html)

  • Distribution Method : Unknown
 
  • MD5 : adebeba5e237dbb268fb67c5588d32c0
 
  • Major Detection Name : Trojan/Win32.Crynigma.C1521794 (AhnLab V3), A variant of Win32/Filecoder.Enigma.F (ESET)
 
  • Encrypted File Pattern : .enigma
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\enigma.hta
     - C:\Users\%UserName%\AppData\Local\Temp\ENIGMA.RSA
     - C:\Users\%UserName%\AppData\Local\Temp\enigma_encr.html
     - C:\Users\%UserName%\Desktop\ENIGMA.RSA
     - C:\Users\%UserName%\Desktop\enigma_encr.html
 
  • Payment Instruction File : enigma.hta / enigma_encr.html
 
  • Major Characteristics :
     - Offline Encryption
     - Targets Russian users.
     - Disables system restore (vssadmin.exe delete shadows /all /quiet)
     - After encryption completes, creates a fake "Windows Emergency Update" message.
