- Distribution Method : Remote access through Remote Desktop Protocol (RDP) or Terminal Services
 
 - MD5 : 20c2d13d8a19d5564ac4f2555803ffb0
 
 - Encrypted File Pattern : .oppo
 
 - Malicious File Creation Location :
   - C:\Windows\testsrvsmb.exe
   - C:\testsrvsmb.exe

 - Payment Instruction File : HOW TO BACK YOUR FILES.txt / HOW TO RECOVER !!.TXT
 
 - Major Characteristics :
   - Offline Encryption
   - Mallox Ransomware series
   - Disable Raccine ransomware protection
   - Block process execution (fdlauncher.exe, MsDtsSrvr.exe, mysql.exe, oracle.exe, ReportingServecesService.exe, sqlwriter.exe, etc.)
   - Disable system restore (vssadmin.exe delete shadows /all /quiet, bcdedit /set {current} bootstatuspolicy ignoreallfailures, bcdedit /set {current} recoveryenabled no)
   - Add testsrvsmb service registration value (C:\Windows\testsrvsmb.exe)
 