Ransomware Report

You can check the latest ransomware information.

title
Morgan ransomware
Registration date
2024-09-02
views
1322

[ Morgan Ransomware ]

[ Virus/malicious code activity reported: Morgan ransomware ]

A security breach suspected to be Morgan ransomware has occurred.
We would like to provide the following information and warning regarding the situation.

Morgan ransomware

The ransomware is called Morgan and it appears to be changing all files to filename.extension.morgan.

How it works

File version


[Figure 1 Ransomware executable file compiler information]


[Figure 2 File information in Windows properties]

Ransomware behavior characteristics

  • It is a .NET-based ransomware with duplication prevention and VM environment-related check functions. It currently attacks the library, encrypts it, then downloads images uploaded to imgur, a famous image storage, and applies them to the desktop.


    [Figure 3 Attack on the library of the currently logged-in profile]


    [Figure 4 Download the image uploaded to imgur]


    [Figure 5 Actual uploaded image]


    [Figure 6 Extensions that are the target of attack]

Infection results

A guide file is created in each folder location with the name <README.txt>, and each encrypted file is changed to <file name.extension.morgan>.


[Figure 7 Infection results]

White Defender Response

It also supports real-time automatic restoration of files that are encrypted before the malicious actions and blocking of WhiteDefender ransomware.


[Figure 8 Blocking Message]

Go watch Morgan blocking video

Previous post
Lynx ransomware
next post
Alice ransomware
Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
Copyright ⓒEveryzone , Inc. All Rights Reserved.|