[ Divinity ransomware ]

[Virus/Malware Activity Report: Divinity Ransomware]

Due to a breach believed to be in the form of Divinity ransomware,
we would like to confirm the situation and provide a warning as follows.

Divinity Ransomware

The ransomware in question is called Divinity and has a file name.extension. divinity It appears that all files are being changed.

How it works

file version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in window properties]

Ransomware operation characteristics

• When executed as C++-based ransomware, all drives are encrypted. Upon completion, a message window is displayed and the desktop is changed to an image created in a temporary folder.

  
  [Figure 3 Message window displayed after completion]

  
  [Figure 4 Desktop image created in temporary folder]

Infection results

The guidance file is created in each path, and the files are changed to during encryption.

[Figure 5 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 6 Block message]

Watch the Divinity blocking video