Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Magniber Ransomware (.<7~9 Digit English Small Letter Random Extension> / README.html / Version .msi + Multi Process)

  • Distribution Method : Downloading a fake Windows update file (.msi)
 
  • MD5 : cb655593b429f377974de6a7ae9385a9
 
  • Encrypted File Pattern : .<7~9 Digit English Small Letter Random Extension>
 
  • Malicious File Creation Location : C:\Windows\Installer\<Random>.msi
 
  • Payment Instruction File : README.html
 
  • Major Characteristics :
     - Offline Encryption
     - Encrypting files through code injection into various running processes (Explorer.exe / RuntimeBroker.exe / svchost.exe etc.)
     - Disable system restore (vssadmin.exe Delete Shadows /all /quiet, wbadmin.exe delete catalog -quiet, wbadmin.exe delete systemstatebackup -quiet, bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures, bcdedit.exe /set {default} recoveryenabled no)

List

위로