Ransomware Report
You can check the latest ransomware information.
- title
- Back Ransomware
- Registration date
- 2024-01-16
- views
- 3566
[Back Ransomware]
[Virus/Malware Activity Report: Back Ransomware]
Back A security breach believed to be in the form of ransomware has occurred, and
we would like to confirm the situation and provide a warning as follows.
Back Ransomware
The ransomware in question is called Back and has a file name and extension. It appears that all files are being changed as crypted.
How it works
file version
[Figure 1 Ransomware executable file compiler information]
[Figure 2 File information in window properties]
Ransomware operation characteristics
-
It was built based on C# .Net, and although it does not name itself as ransomware in the ransomware notes, the namespace for the static code is Back. When running, it registers itself in the registry of startup programs, terminates data (SQL DB and document-related) and debug-related programs, and encrypts all path drivers. Specify the wallpaper as an image created in a temporary folder.
[Figure 3 Namespace created with Back within static code]
[Figure 4 Static code registered as a startup program and the actual created registry]
[Figure 5 Static code that terminates data and debug related programs]
[Figure 6 File names excluded from attack targets]
[Figure 7 Folder names excluded from attack targets]
[Figure 8 Location path name excluded from attack target]
[Figure 9 Desktop image created in temporary folder]
Infection results
The guide file is created as
[Figure 7 Infection results]
White Defender compatible
It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.
[Figure 8 Block message]
- Previous post
- GlobeImposter ransomware
- next post
- Rapid Ransomware
