Mount Locker Ransomware (.ReadManual.9E2F3FE8)

  • Distribution Method : Unknown
  • MD5 : 9fda38454048a826257cd2e8f86248fc
  • Major Detection Name : Ransomware-HBP!9FDA38454048 (McAfee), Ransom:Win32/DelShad (Microsoft)
  • Encrypted File Pattern : .ReadManual.9E2F3FE8
  • Malicious File Creation Location : C:\Users\%UserName%\Desktop\RecoveryManual.html
  • Payment Instruction File : RecoveryManual.html
  • Major Characteristics :
     - Offline Encryption
     - Encrypts files using the system file "C:\Windows\system32\rundll32.exe" or "C:\Windows\system32\regsvr32.exe"
     - Terminates multiple running processes
     - Disables system restore by deleting volume shadow copies (vssadmin.exe delete shadows /all /Quiet)
     - Changes the icon of encrypted files (.ReadManual.9E2F3FE8) and displays the ransom note when the user opens one (HKEY_CLASSES_ROOT\.9E2F3FE8\shell\Open\command\(Default)=explorer.exe RecoveryManual.html)