
  • Distribution Method : Unknown
 
  • MD5 : 84c1567969b86089cc33dccf41562bcd
 
  • Major Detection Name : Ransomware/Win.DarkSide.R424199 (AhnLab V3), Win32:DarkSide-C [Ransom] (Avast)
 
  • Encrypted File Pattern : .<8-Digit Random Extension>
 
  • Malicious File Creation Location : C:\ProgramData\<Encryption Extension>.ico
 
  • Payment Instruction File : README.<Encryption Extension>.TXT
 
  • Major Characteristics :
     - Offline Encryption
     - Changes the icon of encrypted files (.<8-Digit Random Extension>) (HKEY_CLASSES_ROOT\<8-Digit Random Extension>\DefaultIcon)
     - Blocks process execution (dbsnmp, oracle, TeamViewer.exe, vmcompute.exe, vmms.exe, vmwp.exe, etc.)
     - Stops multiple services (agntsvc, encsvc, GxVss, isqlplussvc, mydesktopservice, sqbcoreservice, etc.)
     - Changes desktop background (C:\ProgramData\<Encryption Extension>.BMP)
