- Aug 7, 2016
- 228
Changes the file name and adds the extension .aesir
Last edited by a moderator:
Locky Ransomware new adds the .aesir extension - Demonstration of attack
- Thread starter GrujaRS
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Nice demonstration as always, thank you for sharing @CyberSecurity GrujaRS!
Already came across at least one today (thank you @Daniel Hidalgo for the nice pack of today
).
Don't trust your AV too much, if it does not have a signature, and mechanics don't work out, you might be wasted. A**** Pro did not really recognize the threat (not a single warning), encryption is super fast.
P.S. Someone's really a fan of northern mythology, isn't (s)he?
Already came across at least one today (thank you @Daniel Hidalgo for the nice pack of today
).Don't trust your AV too much, if it does not have a signature, and mechanics don't work out, you might be wasted. A**** Pro did not really recognize the threat (not a single warning), encryption is super fast.
P.S. Someone's really a fan of northern mythology, isn't (s)he?
- May 14, 2016
- 1,597
Hi,
new here, searching for some help in a situation like this. Network folder all the files are .aesir.
What can I do?
new here, searching for some help in a situation like this. Network folder all the files are .aesir.
What can I do?
Last edited:
Thanks for the demonstration. I need to do a video on this but the last time I tried to execute Locky it didn't actually do anything... It changed from the .exe to svchost.exe but then didn't encrypt my files - it probably detected the VM.
- Aug 7, 2016
- 228
https://www.hybrid-analysis.com/sam...6705487b23bc2df7e3d51469ba0?environmentId=100
Sample JSE - JScript Encoded Script File
Greeting
- Mar 8, 2013
- 22,627
I can't help with this one, there is no way to decrypt files.
Similar threads
