
VashSorena v2 Ransomware (.Id-<Random>.[].Crypto)

  • Distribution Method : Unknown
  • MD5 : 9562059383c373900c991d03f3c80b97
  • Major Detection Name : Gen:Variant.Ransom.Sorena.1 (BitDefender), Trojan-Ransom.Win32.Sorena.p (Kaspersky)
  • Encrypted File Pattern : .Id-<Random>.[].Crypto
  • Payment Instruction File : Unlock_Files.txt
  • Major Characteristics :
     - Offline Encryption
     - Blocks execution of processes (sqlceip.exe, sqlservr.exe, sqlwriter.exe)
     - Stops the MSSQL$SQLEXPRESS service
     - Deletes directories within specific folders (C:\Users\Default\AppData, C:\Users\%UserName%\AppData, C:\Users\Public\AppData)
     - Empties the Recycle Bin (rmdir <Drive Letter>:\$Recycle.Bin /s /q)