  • Distribution Method : Unknown
  • MD5 : 6c85abfef8dfee1eeefb7f1354516303
  • Major Detection Name : Ransomware/Win.Cryptolocker.C4441920 (AhnLab V3), Ransom:MSIL/CryptoLocker.DD!MTB (Microsoft)
  • Encrypted File Pattern : <Original Filename>.<Original Extension>
  • Major Characteristics :
     - Offline Encryption
     - Disables and blocks Task Manager (DisableTaskMgr)
     - Blocks process execution (cmd, Processhacker, regedit, sdclt)
     - Windows Explorer does not launch after booting the Windows system. (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = empty)
     - Blocks mouse and keyboard input using the BlockInput function.
     - After encryption completes, Windows reboots automatically. (shutdown -r -t 0)
     - Deletes the desktop background. (HKEY_CURRENT_USER\Control Panel\Desktop\WallPaper = Blank)