Decrypt Amnesia ransomware with Emsisoft’s free decrypter
In Emsisoft Lab by Sarah on May 6, 2017 | English
http://blog.emsisoft.com/2017/05/06/decrypt-amnesia-ransomware-with-emsisofts-free-decrypter/
How the Amnesia ransomware works
The main infection vector of Amnesia appears to be via RDP (remote
desktop services) brute force attacks, which allow the malware
author to log into the victim’s server and execute the ransomware.
Once the criminals have access, the malware will delete the
system’s recovery points so shadow copies cannot be used to
recover the files once encrypted. It will also copy itself into
the %APPDATA% directory using the file name “guide.exe” and
register itself within the
“HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce”
key to start automatically during the next boot.
Since Amnesia ransomware does not contain an extension list, it
will encrypt all file types on the machine. .....
IN FULL:
http://blog.emsisoft.com/2017/05/06/decrypt-amnesia-ransomware-with-emsisofts-free-decrypter/
--
SENDER: gerald309
--
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME: BlueCollarPC.US [retired Summer 2016]
HOME/FREE HELP SITE: https://sites.google.com/site/pcsecurityhelper/
Free Malware Removal Help / A Community Website Since 2005
RSS https://groups.google.com/forum/feed/bluecollarpcsecurity/msgs/rss.xml?num=15
YahooGroup: http://tech.groups.yahoo.com/group/BlueCollarPCSecurity
Subscribe: BlueCollarPCSec...@yahoogroups.com
MOBILES: https://sites.google.com/site/androidtableteers/
WordPress: http://pdamobilecafe.wordpress.com/
Alerts: pdamobilecafemobile...@yahoogroups.com
RSS: https://groups.google.com/forum/feed/pdamobilecafe-mobilealerts/msgs/rss.xml?num=15
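
A host check for the three artifacts named in the quoted write-up (the "guide.exe" copy in %APPDATA%, the HKCU RunOnce entry, and missing shadow copies), as an added example that is not part of the original post or of Emsisoft's tooling. The function name Test-AmnesiaArtifacts and its -FileName parameter are hypothetical, chosen for this illustration.

```powershell
# Added example (not from the post). Test-AmnesiaArtifacts is a hypothetical name.
# Run as the user being examined: HKCU and %APPDATA% are per-user.
function Test-AmnesiaArtifacts {
    param([string]$FileName = 'guide.exe')   # file name given in the post

    $findings = @()
    $runOnce  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

    # 1. Copy of the malware dropped into %APPDATA%
    $dropped = Join-Path $env:APPDATA $FileName
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Check = 'Dropped file'; Detail = "$dropped SHA256=$hash" }
    }

    # 2. RunOnce values that launch that file or anything else under %APPDATA%.
    #    Windows removes a RunOnce value when it fires, so an empty key after a
    #    reboot or logon does not clear the host.
    if (Test-Path -LiteralPath $runOnce) {
        $key = Get-Item -LiteralPath $runOnce
        foreach ($name in $key.GetValueNames()) {
            $data = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
            $hitsName = $data -match [regex]::Escape($FileName)
            $hitsDir  = $data -match [regex]::Escape($env:APPDATA)
            if ($hitsName -or $hitsDir) {
                $findings += [pscustomobject]@{ Check = 'RunOnce value'; Detail = "$name = $data" }
            }
        }
    }

    # 3. Shadow copies. Needs an elevated session; zero copies on a host where
    #    System Protection or backups normally create them fits the deletion step.
    try {
        $count = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop).Count
        if ($count -eq 0) {
            $findings += [pscustomobject]@{ Check = 'Shadow copies'; Detail = 'none present' }
        }
    } catch {
        $findings += [pscustomobject]@{ Check = 'Shadow copies'; Detail = "not checked: $($_.Exception.Message)" }
    }

    $findings
}

Test-AmnesiaArtifacts | Format-Table -AutoSize -Wrap
```

Because the post names RDP brute force as the entry point, run the check under every account that has logged on interactively or over RDP, not only the administrator's.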