Money Message Ransomware (<Original Filename>.<Original Extension>xvyyzzr → <Original Filename>.<Original Extension>) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : e70eb7f6acf733b30aaadd02d9feac21

Major Detection Name : Ransom:Win32/MoneyMessage.A!ibt (Microsoft), Ransom.Win32.MONEYMESSAGE.ZTKD (Trend Micro)

Encrypted File Pattern : <Original Filename>.<Original Extension>xvyyzzr → <Original Filename>.<Original Extension>

Malicious File Creation Location : <Drive Letter>:\money_message.log

Message File : money_message.log

Major Characteristics :
- Offline Encryption
- Block processes execution. (agntsvc.exe, isqlplussvc.exe, outlook.exe, steam.exe, thunderbird.exe, xfssvccon.exe etc.)
- Stop multi services. (backup, memtas, mepocs, sophos, veeam, vmms etc.)
- Disable system restore. (vssadmin.exe delete shadows /all /quiet)