Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

GEHENNA LOCKER Ransomware (<Original Filename>.<Original Extension> → <Base64>.gehenna)

  • Distribution Method : Unknown
 
  • MD5 : 5d07dd594a3fa3a1f6a86da2beb68cb3
 
  • Major Detection Name : Generic.Ransom.Snatch.9242E87A (BitDefender), Ransom.MauriGo (Malwarebytes)
 
  • Encrypted File Pattern : <Original Filename>.<Original Extension> → <Base64>.gehenna
 
  • Malicious File Creation Location : C:\Users\%UserName%\Desktop\GEHENNA-KEY-README.txt
 
  • Payment Instruction File : GEHENNA-README-WARNING.html
 
  • Major Characteristics :
     - Offline Encryption
     - Disable system restore (vssadmin delete shadows /All /Quiet, bcdedit /set { default } bootstatuspolicy ignoreallfailures, wbadmin delete catalog - quiet)

List

위로