  • Distribution Method : Unknown
 
  • MD5 : 99bfaaacebf1b34fdebd4e7ce4070a36
 
  • Major Detection Name : Ransomware/Win.Mallox.R653669 (AhnLab V3), Ransom:Win32/GarrantDecrypt.PA!MTB (Microsoft)
 
  • Encrypted File Pattern : .malox
 
  • Message File : FILE RECOVERY.txt
 
  • Major Characteristics :
     - Offline Encryption
     - TargetCompany Ransomware series
     - Blocks execution of processes (fdlauncher.exe, MsDtsSrvr.exe, pg_ctl.exe, ReportingServicesService.exe, sqlbrowser.exe, sqlceip.exe etc.)
     - Deletes multiple services (MSSQL, MSSQLFDLauncher, ReportServer, SQLSERVERAGENT, SSISTELEMETRY130, TMBMServer etc.)
     - Disables system restore (vssadmin.exe delete shadows /all /quiet, bcdedit /set {current} bootstatuspolicy ignoreallfailures, bcdedit /set {current} recoveryenabled no)
     - Encryption is first performed on files with specific extensions (.dbf, .dmp, .hdd, .ibd, .lck, .mdb, .nvram, .ora, .oraenv, .rar, .sql, .smd, .vdi, .vhd, .vhdx, .vmdk, .vmem, .vmsd, .vmsn, .vmss, .vmx, .zip).
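
The three system-restore commands listed above can be matched in process-creation logs. The following detection sketch is an added example, not AppCheck's code; the event fields (`host`, `cmdline`), the rule names and the two-behaviour severity threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

PREFIX = r"(?:^|[\\/ ])"  # start of line, path separator, or a wrapper such as cmd /c
# One rule per recovery-inhibiting command listed on this page (rule names are hypothetical).
RULES = {
    "shadow_copies_deleted": re.compile(PREFIX + r"vssadmin(?:\.exe)? delete shadows\b.* /all\b"),
    "boot_failures_ignored": re.compile(PREFIX + r"bcdedit(?:\.exe)? /set (?:\S+ )?bootstatuspolicy ignoreallfailures\b"),
    "recovery_disabled": re.compile(PREFIX + r"bcdedit(?:\.exe)? /set (?:\S+ )?recoveryenabled no\b"),
}

def normalize(cmdline):
    """Lowercase, drop quotes and collapse whitespace so casing or spacing does not evade the rules."""
    return " ".join(cmdline.replace('"', "").lower().split())

def classify(cmdline):
    """Return the set of rule names that the command line matches."""
    norm = normalize(cmdline)
    return {name for name, rx in RULES.items() if rx.search(norm)}

def triage(events):
    """Group hits per host; two or more distinct behaviours on one host is rated high (assumed threshold)."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["host"]] |= classify(ev["cmdline"])
    return {h: ("high" if len(b) >= 2 else "review", sorted(b)) for h, b in seen.items() if b}

# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"host": "db01", "cmdline": r'C:\Windows\System32\cmd.exe /c vssadmin.exe  Delete Shadows /All /Quiet'},
    {"host": "db01", "cmdline": "bcdedit /set {current} bootstatuspolicy ignoreallfailures"},
    {"host": "db01", "cmdline": 'bcdedit.exe /set "{current}" recoveryenabled No'},
    {"host": "ws07", "cmdline": "vssadmin list shadows"},
    {"host": "ws12", "cmdline": "vssadmin delete shadows /for=C: /all"},
]

if __name__ == "__main__":
    for host, (severity, behaviours) in triage(SAMPLE_EVENTS).items():
        print(host, severity, behaviours)
```

A single shadow-copy deletion is rated `review` because backup and maintenance tooling can issue it legitimately; the combination with the `bcdedit` changes on the same host is what raises the rating.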
