You can check the latest ransomware information.
[ Elons Ransomware ]
[ Virus/malicious code activity reported: Elons ransomware ]
We are aware of a security breach that is believed to involve Elons ransomware. We would like to provide the following information and warnings regarding the situation.
Elons ransomware
The ransomware is called Elons, and it appears to rename all files to the form filename.extension.Elons.
How it works
File version
[Figure 1 Ransomware executable file compiler information]
[Figure 2 File information in Windows properties]
Ransomware behavior characteristics
Developed in C++, this ransomware uses a mutex to prevent multiple instances from running at once. Beyond its default execution, it accepts additional parameters that apply custom settings and activate various options. During the file encryption process, it deletes the system's shadow copies and empties all Recycle Bins to make recovery more difficult. It is also designed to terminate certain security software and system diagnostic processes to make debugging difficult. To minimize tracking and analysis, it takes further measures, including running a self-delete command after encryption is complete.
[Figure 3 Internal source code to check additional parameters]
[Figure 4 Progress window that appears when running in console mode using parameters]
[Figure 5 Command to delete the ransomware itself after completion]
Infection results
A guide file named <#Read-for-recovery.txt> is created in each folder, and each encrypted file is renamed to <file name.extension.[Elonse@cyberfear.com].Elons>.
[Figure 6 Infection results]
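The naming pattern and guide file name above can be used to scope an incident on disk. The following triage script is an added example, not part of the original advisory or of any WhiteDefender tooling; the function names and the sample directory tree are constructed for illustration, and only the guide file name and the renamed-file suffix come from the text above.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the advisory text.
NOTE_NAME = "#Read-for-recovery.txt"
# The bracketed contact tag is optional so the shorter "filename.extension.Elons"
# form also matches.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+?)(\.\[Elonse@cyberfear\.com\])?\.Elons$", re.I)

def original_name(filename):
    """Return the pre-infection name of a renamed file, or None if it does not match."""
    m = ENCRYPTED_RE.match(filename)
    return m.group("original") if m else None

def scan(root):
    """Walk root and group Elons indicators by directory."""
    report = defaultdict(lambda: {"note": False, "encrypted": {}})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME.lower():
                report[dirpath]["note"] = True
            else:
                orig = original_name(name)
                if orig:
                    # Map the renamed file back to its original name for restore planning.
                    report[dirpath]["encrypted"][name] = orig
    return dict(report)

def build_sample_tree(root):
    """Constructed sample data: a partly affected directory tree for the demo."""
    layout = {
        "docs": ["report.docx.[Elonse@cyberfear.com].Elons", "#Read-for-recovery.txt"],
        "pics": ["cat.jpg.[Elonse@cyberfear.com].Elons", "dog.png"],
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {os.path.relpath(d, root): v for d, v in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

Directories that appear in the report with renamed files but no guide file are worth listing separately when scoping, since the two indicators are matched independently.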
WhiteDefender Response
WhiteDefender blocks the ransomware's malicious actions and also supports real-time automatic restoration of files that were encrypted before the block took effect.
[Figure 7 Blocking Message]