Decrypt Amnesia ransomware with Emsisoft’s free decrypter


Gerald309

May 10, 2017, 1:59:46 PM
to bluecollar...@googlegroups.com, bluecollar...@yahoogroups.com

Decrypt Amnesia ransomware with Emsisoft’s free decrypter
In Emsisoft Lab by Sarah on May 6, 2017 | English
http://blog.emsisoft.com/2017/05/06/decrypt-amnesia-ransomware-with-emsisofts-free-decrypter/

How the Amnesia ransomware works

The main infection vector of Amnesia appears to be via RDP (remote desktop services) brute force attacks, which allow the malware author to log into the victim’s server and execute the ransomware.

Once the criminals have access, the malware will delete the system’s recovery points so shadow copies cannot be used to recover the files once encrypted. It will also copy itself into the %APPDATA% directory using the file name “guide.exe” and register itself within the “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce” key to start automatically during the next boot.

Since Amnesia ransomware does not contain an extension list, it will encrypt all file types on the machine. .....

IN FULL:
http://blog.emsisoft.com/2017/05/06/decrypt-amnesia-ransomware-with-emsisofts-free-decrypter/

-- 
SENDER: gerald309 -- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME: BlueCollarPC.US [retired Summer 2016]
HOME/FREE HELP SITE: https://sites.google.com/site/pcsecurityhelper/
Free Malware Removal Help / A Community Website Since 2005 
RSS https://groups.google.com/forum/feed/bluecollarpcsecurity/msgs/rss.xml?num=15
YahooGroup: http://tech.groups.yahoo.com/group/BlueCollarPCSecurity
Subscribe: BlueCollarPCSec...@yahoogroups.com
MOBILES: https://sites.google.com/site/androidtableteers/
WordPress: http://pdamobilecafe.wordpress.com/ 
Alerts: pdamobilecafemobile...@yahoogroups.com 
RSS: https://groups.google.com/forum/feed/pdamobilecafe-mobilealerts/msgs/rss.xml?num=15
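
A triage check for the persistence described in the post above, as an added example that is not part of the original post or of Emsisoft's article: it parses saved `reg query` output for the RunOnce key and flags values that launch `guide.exe` from under `%APPDATA%`. The function names, the sample value names and the sample paths are assumptions constructed for illustration.

```python
import re
from ntpath import basename, normpath

# Key named in the post; reg.exe prints the full hive name in its output.
RUNONCE = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
# reg query value lines: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")
ROAMING = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\")

def command_path(data):
    """Extract the executable path from an autorun command line."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, maybe with args
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = re.match(r"(?i)^(.*?\.exe)(?:\s|$)", data)  # unquoted, may hold spaces
    return m.group(1) if m else data

def in_appdata(path):
    """True for paths under %APPDATA%, expanded or not."""
    p = normpath(path).lower()
    return p.startswith("%appdata%\\") or bool(ROAMING.match(p))

def find_guide_autoruns(reg_output):
    """Return (value name, path) for RunOnce values launching guide.exe from %APPDATA%."""
    hits, in_key = [], False
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):      # key header line
            in_key = line.strip().upper() == RUNONCE.upper()
            continue
        m = VALUE_LINE.match(line)
        if in_key and m:
            exe = command_path(m.group("data"))
            if basename(exe).lower() == "guide.exe" and in_appdata(exe):
                hits.append((m.group("name"), exe))
    return hits

# Constructed sample output (value names and paths are made up for the example).
SAMPLE = r'''
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Updater    REG_SZ    "C:\Program Files\Vendor\guide.exe" /silent
    svc    REG_SZ    C:\Users\Jane Doe\AppData\Roaming\guide.exe
    help    REG_EXPAND_SZ    %APPDATA%\Guide.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    other    REG_SZ    %APPDATA%\guide.exe
'''

if __name__ == "__main__":
    for name, path in find_guide_autoruns(SAMPLE):
        print(f"suspicious RunOnce value {name!r} -> {path}")
```

Windows deletes RunOnce values when they are executed at the next logon, so an empty result on a machine that has already rebooted does not rule out the infection.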