
Ranzy Locker Ransomware (.RANZYLOCKED)

  • Distribution Method : Unknown
  • MD5 : 00e4808514cc401027e426b128182991
  • Major Detection Name : A variant of Win32/Filecoder.RanzyLocker.A (ESET), Ransom.Win32.RANZYLOCKER.B (Trend Micro)
  • Encrypted File Pattern : .RANZYLOCKED
  • Payment Instruction File : readme.txt
  • Major Characteristics :
     - Offline Encryption
     - Ako / ThunderX Ransomware series
     - Blocks execution of processes (dbsnmp.exe, msaccess.exe, mysqld_opt.exe, outlook.exe, thunderbird.exe, winword.exe, etc.)
     - Stops multiple services (MSSQLFDLauncher, MSSQLSERVER, SQLBrowser, SQLSERVERAGENT, SQLWriter, vmicheartbeat, vmickvpexchange, vmicshutdown)
     - Disables system restore (wmic.exe SHADOWCOPY /nointeractive, vssadmin.exe Delete Shadows /All /Quiet)