
  • Distribution Method : Unknown
 
  • MD5 : bcf0e5d50839268ab93d1210cf08fa37
 
  • Major Detection Name : Trojan.Ransom.LockBit (ALYac), Ransom.Win32.LOCKBIT.YXDL3T (Trend Micro)
 
  • Encrypted File Pattern : .1YwR2c1YK
 
  • Malicious File Creation Location :
     - C:\ProgramData\1YwR2c1YK.ico
     - C:\ProgramData\<4-Digit Random>.tmp
 
  • Message File : 1YwR2c1YK.README.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Blocks execution of processes. (agntsvc, dbsnmp, isqlplussvc, oracle, sqbcoreservice, winword etc.)
     - Stops multiple services. (backup, GxFWD, mepocs, msexchange, sophos, veeam etc.)
     - Deletes multiple services. (vmicvss, VSS, WdBoot, WdFilter, WdNisDrv, WinDefend etc.)
     - Changes the icon of encrypted files (.1YwR2c1YK). (HKEY_CLASSES_ROOT\1YwR2c1YK)
     - After files are encrypted, it overwrites free disk space via the file "C:\ProgramData\<4-Digit Random>.tmp" to prevent file recovery.
     - Empties the Recycle Bin.
     - Changes the desktop background. (C:\ProgramData\1YwR2c1YK.bmp)
