Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Rapid Ransomware (<Random Filename>.RAPID)

  • Distribution Method : Unknown
  • MD5 : 3f25fb5d28c65ea1800ad003b9ae5763
  • Major Detection Name : Generic.Ransom.Rapid.3E084A69 (BitDefender), Ransom.Rapid (Malwarebytes)
  • Encrypted File Pattern : <Random Filename>.RAPID
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\info.exe
     - C:\Users\%UserName%\AppData\Roaming\recovery.txt
  • Payment Instrucition File : How Recovery Files.txt / recovery.txt
  • Major Characteristics :
     - Offline Encryption
     - Block processes execution (msftesql.exe, oracle.exe, sqlagent.exe, sqlbrowser.exe, sqlservr.exe, sqlwriter.exe etc.)
     - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet, bcdedit.exe /set {default} recoveryenabled No, bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures, wbadmin DELETE SYSTEMSTATEBACKUP, wmic SHADOWCOPY DELETE)
     - Adds Encrypter to scheduler to execute "%AppData%\info.exe" every minute.
     - Adds EncrypterSt to scheduler to execute "%AppData%\info.exe" at user login