Rapid Ransomware (.rapid / How Recovery Files.txt) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 46f5092fcedc2fee4bfbd572dd2a8f6f

Major Detection Name : Trojan.Ransom.Rapid.A (BitDefender), Ransom/W32.Rapid.921088 (nProtect)

Encrypted File Pattern : .rapid

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\info.exe
- C:\Users\%UserName%\AppData\Roaming\recovery.txt

Payment Instrucition File : How Recovery Files.txt / recovery.txt

Major Characteristics :
- Offline Encryption
- Block processes execution (oracle.exe, sql.exe, sqlite.exe)
- Disable system restore (vssadmin.exe Delete Shadow /All /Quiet, bcdedit.exe /set {default} recoveryenabled No, bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures)