Videos

Check out our video library showing AppCheck defending against the newest ransomware, with automatic recovery and real-time backup.

BTCWare Ransomware (.[prt.nyke@protonmail.ch].master)

  • Distribution Method : Unknown
 
  • MD5 : ba5f661903016e1db6185d95fe9d0c60
 
  • Major Detection Name : DeepScan:Generic.Ransom.BTCWare.F36A95CE (BitDefender), Ransom:Win32/Betisrypt!rfn (Microsoft)
 
  • Encrypted File Pattern : .[prt.nyke@protonmail.ch].master
 
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\!#_RESTORE_FILES_#!.inf
 
  • Payment Instruction File : !#_RESTORE_FILES_#!.inf
 
  • Major Characteristics :
         - Offline Encryption
         - Crptxxx Ransomware series
         - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet, bcdedit.exe /set {default} recoveryenabled No)
         - Changes desktop background (C:\Users\%UserName%\AppData\Roaming\1.bmp)
