Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

WannaCry / WannaCryptor Ransomware (.WNCRY)

  • Distribution Method : Remote infection and access by SMB vulnerability
 
  • MD5 : 84c82835a5d21bbcf75a61706d8ab549
 
  • Major Detection Name : Trojan.Ransom.WannaCryptor.A (BitDefender), Ransom:Win32/WannaCrypt (Microsoft)
 
  • Encrypted File Pattern : .WNCRYT → .WNCRY
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Roaming\tor

     - \\msg
     - \\TaskData
     - \\TaskData\Data
     - \\TaskData\Tor\taskhsvc.exe
     - \\TaskData\Tor\tor.exe
     - \\@WanaDecryptor@.exe
     - \\@WanaDecryptor@.exe.lnk
     - \\taskdl.exe
     - \\taskse.exe

 

  • Payment Instruction File : @Please_Read_Me@.txt
 
  • Major Characteristics :
         - Offline Encryption
         - Creates Payment Instruction File in 28 languages
         - Changes Desktop Background(C:\Users\%UserName%\Desktop\@WanaDecryptor@.bmp)

List

위로