Ransomware Report


Title: Analysis of the CryLock ransomware, which automatically runs even after rebooting
Registration date: 2022-10-03

[ CryLock ransomware ]

[Virus/Malware Activity Report: CryLock Ransomware]

A breach believed to involve the CryLock ransomware has occurred,
so we are confirming the situation and issuing the following warning.

CryLock ransomware

The ransomware is called CryLock. It appears to rename every file, appending [Raptorfiles@yahooweb.co].[generated private key] to the existing extension.

How it works

File version


[Figure 1 File version]


[Figure 2 File properties]

Behavioral process

  • Deleting shadow copies

    Shadow copies are deleted to prevent restoration of encrypted files.


    [Figure 4 Deleting shadow copies]

  • Disabling the Windows recovery function

    The Windows recovery function is disabled to make recovery difficult for users.


    [Figure 5 Disabling Windows recovery function]

Infection results

A guidance file named how_to_decrypt.hta is created in each folder, and encrypted files are renamed to <.existing extension [Raptorfiles@yahooweb.co].[generated private key]>.


[Figure 6 Infection result 1]


[Figure 7 Infection result 2]
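The two file-system indicators described above (the how_to_decrypt.hta note and the renamed files) can be used to scope which folders were hit. The following is an added example, not code from the original report: the function names are hypothetical, the sample files are constructed, and the bracketed layout of the trailing key field is an assumption based on how the report renders the name.

```python
import os
import re
import tempfile
from collections import defaultdict

NOTE_NAME = "how_to_decrypt.hta"  # ransom note name given in the report
# Marker string from the report. Assumption: the generated key field is the
# final bracketed token, as the report's rendering of the name suggests.
RENAMED = re.compile(
    r"^(?P<original>.+?)\s*\[Raptorfiles@yahooweb\.co\]\.\[(?P<key_field>[^\]]+)\]$",
    re.IGNORECASE,
)

def parse_renamed(filename):
    """Return (original_name, key_field) if the name carries the marker, else None."""
    m = RENAMED.match(filename)
    return (m.group("original"), m.group("key_field")) if m else None

def triage(root):
    """Walk root and summarise CryLock indicators per affected directory."""
    report = defaultdict(lambda: {"note": False, "encrypted": [], "ids": set()})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME:
                report[dirpath]["note"] = True
                continue
            parsed = parse_renamed(name)
            if parsed:
                report[dirpath]["encrypted"].append(parsed[0])
                report[dirpath]["ids"].add(parsed[1])
    return dict(report)

def build_sample_tree(root):
    """Constructed sample data: empty files that only imitate the naming."""
    names = {
        "docs": ["report.docx[Raptorfiles@yahooweb.co].[CONSTRUCTED-ID-01]",
                 "budget.xlsx[Raptorfiles@yahooweb.co].[CONSTRUCTED-ID-01]",
                 NOTE_NAME],
        "clean": ["notes.txt"],
    }
    for folder, files in names.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for f in files:
            open(os.path.join(root, folder, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, info in sorted(triage(tmp).items()):
            print(path, "note" if info["note"] else "no-note",
                  sorted(info["encrypted"]), sorted(info["ids"]))
```

Directories that appear in the result without a note, or with more than one distinct key field, are worth a closer look during scoping.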

White Defender compatible

White Defender blocks the ransomware's malicious actions and also supports real-time automatic restoration of files that are encrypted before the block takes effect.


[Figure 9 Block message]


[Figure 10 Block message]


Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong | Business registration number: 220-81-67981
Copyright ⓒ Everyzone, Inc. All Rights Reserved.