Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

WastedLocker Ransomware (.easy2lock)

  • Distribution Method : Unknown
 
  • MD5 : 7e34c5bd27f25a1e1d47a27702708e28
 
  • Major Detection Name : Win32/Filecoder.WastedLocker.A (ESET), Ransom:Win32/WastedLocker.B!cert (Microsoft)
 
  • Encrypted File Pattern : .easy2lock
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\<Random>
     - C:\Users\%UserName%\AppData\Roaming\<Random>:bin
     - C:\Users\%UserName%\AppData\Roaming\<Random>
     - C:\Users\%UserName%\AppData\Roaming\<Random>:bin
     - C:\Windows\SysWOW64\<Random>.exe
 
  • Payment Instruction File : <Original Filename>.<Original Extension>.easy2lock_read_me
 
  • Major Characteristics :
     - Offline Encryption
     - Use a PWOYSOWZEJWCQHVXGZ Digital Signatures
     - Create an ADS (Alternate Data Stream) file and encrypt the files.
     - Register ransomware malicious file as a service (C:\Windows\SysWOW64\<Random>.exe -s)
     - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)

List

위로