You can check the latest ransomware information.
[NoEscape Ransomware]
[Virus/Malware Activity Report: NoEscape Ransomware]
A breach believed to involve NoEscape ransomware has occurred.
This report confirms the situation and provides the following warning.
NoEscape ransomware
The ransomware in question is called NoEscape. It appears to rename all files to the form <file name.extension.CGFBGEFJEJ>.
How it works
File version
[Figure 1 Ransomware executable file compiler information]
[Figure 2 File information in window properties]
Ransomware operation characteristics
It is built in C++. After the first run, it has been observed to prevent users from recovering data after an attack by executing several commands (deleting shadow copies, deleting the system state backup, disabling the Windows restore function, disabling the error notification function) and by stopping data-related services. After the encryption attack, the ransomware copies itself to AppData\Roaming, runs again from there, and then changes the desktop.
[Figure 3 Dynamic code contents that batch copy the contents to use the command]
[Figure 4 Dynamic code content that stops data-related services]
[Figure 5 Executable file and desktop image created in the Roaming folder]
Infection results
The desktop is changed, and HOW_TO_RECOVER_FILES.txt is created in each folder location. Encrypted files are renamed to <file name.extension.CGFBGEFJEJ>.
[Figure 6 Infection results]
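The operation characteristics and infection results above can be combined into a triage check over endpoint telemetry. The following Python is an added example, not code from the original report or from White Defender. The event schema, the sample events and the command-line patterns are assumptions (the report names the behaviour categories but not the exact commands), while the ransom note name and file extension are taken from the report.

```python
import re
from collections import defaultdict

# Assumed patterns: the report names these behaviour categories but not the exact
# commands, so the standard Windows utilities for each category are matched here.
COMMAND_RULES = {
    "shadow_copy_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "system_state_backup_delete": re.compile(r"wbadmin(\.exe)?\s+delete\s+systemstatebackup", re.I),
    "recovery_disabled": re.compile(r"bcdedit(\.exe)?\s.*recoveryenabled\s+no", re.I),
    "error_notification_disabled": re.compile(r"bcdedit(\.exe)?\s.*bootstatuspolicy\s+ignoreallfailures", re.I),
    "service_stop": re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\s+\S+", re.I),
}
# File indicators: note name and extension come from the report; the Roaming rule is generic.
FILE_RULES = {
    "ransom_note": re.compile(r"\\HOW_TO_RECOVER_FILES\.txt$", re.I),
    "encrypted_extension": re.compile(r"\.[^\\.]+\.CGFBGEFJEJ$", re.I),
    "exe_in_roaming": re.compile(r"\\AppData\\Roaming\\[^\\]+\.exe$", re.I),
}

def triage(events):
    """Group events (dicts in a constructed schema) by the report behaviour they match."""
    hits = defaultdict(list)
    for ev in events:
        if ev["type"] == "process_create":
            for name, rule in COMMAND_RULES.items():
                if rule.search(ev["command_line"]):
                    hits[name].append(ev)
            if FILE_RULES["exe_in_roaming"].search(ev["image"]):
                hits["exe_in_roaming"].append(ev)
        elif ev["type"] == "file_create":
            for name, rule in FILE_RULES.items():
                if rule.search(ev["path"]):
                    hits[name].append(ev)
    return dict(hits)

def is_likely_incident(hits, threshold=3):
    """Alert only when several distinct behaviours co-occur; each alone has benign uses."""
    return len(hits) >= threshold

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\vssadmin.exe", "command_line": "vssadmin delete shadows /all /quiet"},
    {"type": "process_create", "image": r"C:\Windows\System32\wbadmin.exe", "command_line": "wbadmin delete systemstatebackup -keepVersions:0"},
    {"type": "process_create", "image": r"C:\Windows\System32\bcdedit.exe", "command_line": "bcdedit /set {default} recoveryenabled no"},
    {"type": "process_create", "image": r"C:\Windows\System32\net.exe", "command_line": "net stop ExampleDbService /y"},
    {"type": "file_create", "path": r"C:\Users\alice\Documents\report.xlsx.CGFBGEFJEJ"},
    {"type": "file_create", "path": r"C:\Users\alice\Documents\HOW_TO_RECOVER_FILES.txt"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\sample.exe"},
]
```

Calling triage(SAMPLE_EVENTS) returns the matching events grouped by behaviour; requiring several distinct behaviours before alerting keeps a single administrative action from raising an incident.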
White Defender compatible
White Defender blocks the ransomware's malicious actions and supports real-time automatic restoration of files that are encrypted before the block takes effect.
[Figure 7 Block message]