Magniber Ransomware (.<7~9 Digit English Small Letter Random Extension> / README.<Encryption Extension>.html) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Automatic infection using exploit by visiting website

Encrypted File Pattern : .<7~9 Digit English Small Letter Random Extension>

Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.inf

Payment Instrucition File : README.<Encryption Extension>.html

Major Characteristics :
- File encryption using system file "C:\Windows\system32\rundll32.exe"
- Disable system restore (vssadmin.exe Delete Shadows /all /quiet)