Encephalitis Ransomware (Lock.<Original Filename>.<Original Extension>) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 1a2342c4d51c6cb813c47ce8d38c0ae0

Major Detection Name : Gen:Variant.Ransom.Aviso.2 (BitDefender), Ransom:AutoIt/Lokmwiz.A (Microsoft)

Encrypted File Pattern : Lock.<Original Filename>.<Original Extension>

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\8x8x8
- C:\Users\%UserName%\AppData\Local\Temp\32.cab
- C:\Users\%UserName%\AppData\Local\Temp\64.cab
- C:\Users\%UserName%\AppData\Local\Temp\888.vbs
- C:\Users\%UserName%\AppData\Local\Temp\wl.jpg
- C:\Users\%UserName%\AppData\Local\Temp\x.exe

Major Characteristics :
- Offline Encryption
- Crypt888 / GrodexCrypt / MicroCop Ransomware series
- AutoIt scripts based Ransomware
- Developed by a Korean
- Disable the User Account Control (UAC)
- Creates the English and Korean message
- Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\wl.jpg)