Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

WhiteRose Ransomware (<Random>_ENCRYPTED_BY.WHITEROSE)

  • Distribution Method : Remote access through Remote Desktop Protocol(RDP) or Terminal Services
 
  • MD5 : 00bd67cfccf7141c8fb6c622442bd419
 
  • Major Detection Name : Ransom.InfiniteTear (Malwarebytes), Ransom_WHITEROSE.THDOBAH (Trend Micro)
 
  • Encrypted File Pattern : <Random>_ENCRYPTED_BY.WHITEROSE
 
  • Malicious File Creation Location : C:\Perfect.sys
 
  • Payment Instruction File : HOW-TO-RECOVERY-FILES.TXT
 
  • Major Characteristics :
     - Offline Encryption
     - BlackRuby / InfiniteTear / Zenis Ransomware series
     - Disable system restore (vssadmin.exe delete shadows /all /Quiet, WMIC.exe shadowcopy delete, Bcdedit.exe /set {default} recoveryenabled no, Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures)
     - Deletes event log (wevtutil.exe cl Application, wevtutil.exe cl Security, wevtutil.exe cl System)

List

위로