Ransomware Report

You can check the latest ransomware information.

title
NoEscape ransomware
Registration date
2023-09-25
views
6153

[NoEscape Ransomware]

[Virus/Malware Activity Report: NoEscape Ransomware]

In response to a breach believed to be in the form of NoEscape ransomware,
we would like to confirm the situation and provide a warning as follows.

NoEscape ransomware

The ransomware in question is called NoEscape and has a file name.extension. It appears that all files are being changed to CGFBGEFJEJ.

How it works

file version


[Figure 1 Ransomware executable file compiler information]


[Figure 2 File information in window properties]

Ransomware operation characteristics

  • It is built based on C++ and prevents users from recovering data after an attack by executing several commands such as deleting shadow copies / deleting system state backup / disabling the Windows restore function / disabling the error notification function after the first run, and stopping data-related services. I see it. After the encryption attack, the ransomware is copied to AppdataRoaming, executed additionally, and then the desktop is changed.


    [Figure 3 Dynamic code contents that batch copy the contents to use the command]


    [Figure 4 Dynamic code content that stops data-related services]


    [Figure 5 Executable file and desktop image created in the Roaming folder]

Infection results

The desktop is changed, and HOW_TO_RECOVER_FILES.txt is created in each folder location. When encrypting <file name.extension. Change files with CGFBGEFJEJ>.


[Figure 6 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.


[Figure 7 Block message]

Watch the NoEscape blocking video

Previous post
XData ransomware
next post
DODO ransomware
Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
Copyright ⓒEveryzone , Inc. All Rights Reserved.|