GEHENNA LOCKER Ransomware (<Original Filename>.<Original Extension> → <Base64>.gehenna) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 5d07dd594a3fa3a1f6a86da2beb68cb3

Major Detection Name : Generic.Ransom.Snatch.9242E87A (BitDefender), Ransom.MauriGo (Malwarebytes)

Encrypted File Pattern : <Original Filename>.<Original Extension> → <Base64>.gehenna

Malicious File Creation Location : C:\Users\%UserName%\Desktop\GEHENNA-KEY-README.txt

Payment Instruction File : GEHENNA-README-WARNING.html

Major Characteristics :
- Offline Encryption
- Disable system restore (vssadmin delete shadows /All /Quiet, bcdedit /set { default } bootstatuspolicy ignoreallfailures, wbadmin delete catalog - quiet)