Zeppelin Ransomware (.<3-Digit Random>-<3-Digit Random>-<3-Digit Random> / !!! HOW TO BACK YOUR FILES !!!.TXT) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : efc275dbc9e66fbbc84cfac31aeabfd0

Major Detection Name : Trojan.Ransom.VegaLocker (ALYac), TR/AD.ZardRansom.syyyt (Avira)

Encrypted File Pattern : .<3-Digit Random>-<3-Digit Random>-<3-Digit Random>

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\~temp001.bat
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\<Random>.exe

Payment Instruction File : !!! HOW TO BACK YOUR FILES !!!.TXT

Major Characteristics :
- Offline Encryption
- Buran / Jumper / VegaLocker Ransomware series
- Disable system restore (bcdedit /set {default} bootstatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin delete catalog -quiet, wbadmin delete systemstatebackup, wbadmin delete systemstatebackup -keepversions:0, wbadmin delete backup, wmic shadowcopy delete, vssadmin delete shadows /all /quiet)