Desync Ransomware (.DESYNC)

  • Distribution Method : Unknown
  • MD5 : 871c3954914b8339f4812a8ff53be653
  • Major Detection Name : W32/Gen.DESYNC!tr.ransom (Fortinet), Ransom-Desync!871C3954914B (McAfee)
  • Encrypted File Pattern : .DESYNC
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp<Random>.<Random>.bat
  • Payment Instruction File : # HOW TO DECRYPT YOUR FILES #.txt
  • Major Characteristics :
     - Offline Encryption
     - Disable system restore (wmic shadowcopy delete, bcdedit /set {default} bootstatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin deletecatalog -quiet)
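
The recovery-disabling commands listed above are a practical detection point in process-creation logs. The following is an added example, not code from the original page or from AppCheck: a matcher for those four command lines run over constructed sample events. The rule names, the host names and the two-distinct-hits threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Loose regexes for the four commands listed on this page, applied to a
# lower-cased, whitespace-collapsed command line. Rule names are hypothetical.
RULES = {
    "shadowcopy_delete": r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    "boot_ignore_failures": r"\bbcdedit(\.exe)?\b.*/set\b.*\bbootstatuspolicy\s+ignoreallfailures\b",
    "recovery_disabled": r"\bbcdedit(\.exe)?\b.*/set\b.*\brecoveryenabled\s+no\b",
    "backup_catalog_delete": r"\bwbadmin(\.exe)?\b.*\bdelete\s*catalog\b",
}
COMPILED = {name: re.compile(rx) for name, rx in RULES.items()}

def normalize(cmdline):
    """Lower-case, drop cmd.exe carets and quotes, collapse whitespace."""
    return re.sub(r"\s+", " ", re.sub(r'[\^"]', "", cmdline.lower())).strip()

def match_rules(cmdline):
    """Return the sorted names of every rule the command line matches."""
    norm = normalize(cmdline)
    return sorted(n for n, rx in COMPILED.items() if rx.search(norm))

def triage(events, threshold=2):
    """Map host -> sorted rule hits, for hosts with >= threshold distinct hits."""
    hits = defaultdict(set)
    for ev in events:
        hits[ev["host"]].update(match_rules(ev["cmdline"]))
    return {h: sorted(r) for h, r in hits.items() if len(r) >= threshold}

# Constructed process-creation events (fields as in Sysmon Event ID 1 or
# Security 4688); none of these lines come from a real incident.
SAMPLE_EVENTS = [
    {"host": "WS-01", "cmdline": r'"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete'},
    {"host": "WS-01", "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"host": "WS-01", "cmdline": "bcdedit  /set {default} recoveryenabled No"},
    {"host": "WS-01", "cmdline": "wbadmin delete catalog -quiet"},
    {"host": "WS-02", "cmdline": "wmic shadowcopy list brief"},
    {"host": "WS-02", "cmdline": "bcdedit /enum"},
    {"host": "SRV-03", "cmdline": "wbadmin deletecatalog -quiet"},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

A single hit can be legitimate administration, which is why the example only flags a host once two or more distinct commands from the list appear together.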