
DarkSide Ransomware (.<8-Digit Random Extension> / README.<Encryption Extension>.TXT / Version cmd.exe)

  • Distribution Method : Unknown

  • MD5 : b278d7ec3681df16a541cf9e34d3b70a

  • Major Detection Name : Ransomware/Win.DarkSide.R427805 (AhnLab V3), Win32/Filecoder.DarkSide.A (ESET)

  • Encrypted File Pattern : .<8-Digit Random Extension>

  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\<Encryption Extension>.ico

  • Payment Instruction File : README.<Encryption Extension>.TXT

  • Major Characteristics :
     - Offline encryption (no key exchange with a server is required)
     - Uses an "RHM Ltd" digital signature
     - Encrypts files through the system binary "C:\Windows\SysWOW64\cmd.exe"
     - Disables system restore by deleting shadow copies (Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();})
     - Changes the icon of encrypted files (.<8-Digit Random Extension>) via HKEY_CLASSES_ROOT\95112f33\DefaultIcon
     - Changes the desktop background (C:\ProgramData\<Encryption Extension>.BMP)
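As an added defender-side example (not AppCheck's code), the characteristics above turned into two checks over constructed sample telemetry: the WMI shadow-copy deletion command line, and the ransom note, icon, wallpaper and renamed files that share one 8-character extension. The sample paths and the assumption that the extension is lowercase hex (as in the page's registry key 95112f33) are mine.

```python
import re

# Constructed sample telemetry (not from the page): process command lines and
# file-creation paths, as a Sysmon/EDR pipeline might record them.
SAMPLE_PROCESS_EVENTS = [
    'powershell.exe -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"',
    'powershell.exe -c "Get-Date"',
]
SAMPLE_FILE_EVENTS = [
    r"C:\Users\alice\Documents\report.docx.95112f33",
    r"C:\Users\alice\Documents\README.95112f33.TXT",
    r"C:\Users\alice\AppData\Local\95112f33.ico",
    r"C:\ProgramData\95112f33.BMP",
    r"C:\Users\alice\Documents\notes.txt",
]

# Shadow-copy deletion through WMI, the behaviour listed in the profile above;
# whitespace and the trailing semicolon are allowed to vary.
SHADOW_DELETE_RE = re.compile(
    r"Win32_Shadowcopy\s*\|\s*ForEach-Object\s*\{\s*\$_\.Delete\(\)\s*;?\s*\}", re.I)

# Assumption: the 8-character extension is lowercase hex, as in the page's
# sample registry key HKEY_CLASSES_ROOT\95112f33.
EXT = r"(?P<ext>[0-9a-f]{8})"
ARTIFACT_RES = {  # checked in this order; a path counts once
    "note": re.compile(r"\\README\." + EXT + r"\.TXT$", re.I),
    "icon": re.compile(r"\\AppData\\Local\\" + EXT + r"\.ico$", re.I),
    "wallpaper": re.compile(r"^C:\\ProgramData\\" + EXT + r"\.BMP$", re.I),
    "encrypted": re.compile(r"\." + EXT + r"$"),
}

def shadow_copy_deletions(process_events):
    """Return command lines that wipe all VSS shadow copies via WMI."""
    return [cmd for cmd in process_events if SHADOW_DELETE_RE.search(cmd)]

def file_artifacts(file_events):
    """Group paths by extension: {ext: {"encrypted": n, "note": bool, ...}}."""
    seen = {}
    for path in file_events:
        for kind, rx in ARTIFACT_RES.items():
            m = rx.search(path)
            if m:
                entry = seen.setdefault(m.group("ext"), {
                    "encrypted": 0, "note": False, "icon": False, "wallpaper": False})
                if kind == "encrypted":
                    entry["encrypted"] += 1
                else:
                    entry[kind] = True
                break
    return seen

def suspicious_extensions(artifacts):
    """Extensions with both a ransom note and at least one renamed file."""
    return sorted(e for e, a in artifacts.items() if a["note"] and a["encrypted"] > 0)
```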
