<![CDATA[Geeks for your information - CheckMAL Videos]]> https://www.geeks.fyi/ Tue, 12 May 2026 02:51:53 +0000 MyBB <![CDATA[AppCheck Ransomware Block Videos 01 to 02 2025]]> https://www.geeks.fyi/showthread.php?tid=20638 Tue, 25 Feb 2025 12:01:26 +0000 jasonX]]> https://www.geeks.fyi/showthread.php?tid=20638  
Stop Ransomware (.xcvf) 2025. 01. 30.197


[Image: ggFBW0X.png]



 
TargetCompany Ransomware (.FARGO2) 2025. 01. 30.218


[Image: yF0VrOZ.png]



 
BianLian Ransomware (.bianlian) 2025. 02. 08.154


[Image: UMl9zNW.png]



 
LockBit v3.0 Ransomware (.BBNvvvgMC) 2025. 02. 09.185


[Image: eX84g6i.png]



 
Stop Ransomware (.sijr) 2025. 02. 20.95


[Image: 2b0M1GU.png]

Data and info derived/lifted from CheckMAL with permission
]]>  
Stop Ransomware (.xcvf) 2025. 01. 30.197


[Image: ggFBW0X.png]



 
TargetCompany Ransomware (.FARGO2) 2025. 01. 30.218


[Image: yF0VrOZ.png]



 
BianLian Ransomware (.bianlian) 2025. 02. 08.154


[Image: UMl9zNW.png]



 
LockBit v3.0 Ransomware (.BBNvvvgMC) 2025. 02. 09.185


[Image: eX84g6i.png]



 
Stop Ransomware (.sijr) 2025. 02. 20.95


[Image: 2b0M1GU.png]

Data and info derived/lifted from CheckMAL with permission
]]> <![CDATA[Lilith Ransomware (.lilith)]]> https://www.geeks.fyi/showthread.php?tid=20531 Mon, 27 Jan 2025 09:25:19 +0000 jasonX]]> https://www.geeks.fyi/showthread.php?tid=20531 Lilith Ransomware (.lilith) (2025. 01. 04. 660)  
AppCheck Anti-Ransomware : Lilith Ransomware (.lilith) Block Video

Distribution Method : Unknown
 
MD5 : b7a182db3ba75e737f75bda1bc76331a
 
Major Detection Name : Ransomware/Win.LILITHCRYPT.C5205307 (AhnLab V3), Trojan.Ransom.Lilith.B (BitDefender)
 
Encrypted File Pattern : .lilith
 
Payment Instruction File : Restore_Your_Files.txt
 
Major Characteristics :
 
  • Offline Encryption
  • Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
  • Block processes execution (agntsvc.exe, dbsnmp.exe, ocssd.exe, oracle.exe, sql.exe, synctime.exe etc.)



More Info HERE

Content lifted from CheckMAL site with permission]]> Lilith Ransomware (.lilith) (2025. 01. 04. 660)  
AppCheck Anti-Ransomware : Lilith Ransomware (.lilith) Block Video

Distribution Method : Unknown
 
MD5 : b7a182db3ba75e737f75bda1bc76331a
 
Major Detection Name : Ransomware/Win.LILITHCRYPT.C5205307 (AhnLab V3), Trojan.Ransom.Lilith.B (BitDefender)
 
Encrypted File Pattern : .lilith
 
Payment Instruction File : Restore_Your_Files.txt
 
Major Characteristics :
 
  • Offline Encryption
  • Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
  • Block processes execution (agntsvc.exe, dbsnmp.exe, ocssd.exe, oracle.exe, sql.exe, synctime.exe etc.)



More Info HERE

Content lifted from CheckMAL site with permission]]> <![CDATA[Redeemer Ransomware (.redeem)]]> https://www.geeks.fyi/showthread.php?tid=20530 Mon, 27 Jan 2025 09:22:51 +0000 jasonX]]> https://www.geeks.fyi/showthread.php?tid=20530 Redeemer Ransomware (.redeem) (2025. 01. 17. 456)  
AppCheck Anti-Ransomware : Redeemer Ransomware (.redeem) Block Video


Distribution Method : Unknown
 
MD5 : e37a0ece30267233f1dddf3c2300393f
 
Major Detection Name : Ransom:Win32/Redeemer.MK!MTB (Microsoft), Ransom.Win32.REDEEM.YXBLV (Trend Micro)
 
Encrypted File Pattern : .redeem
 
Malicious File Creation Location :
 
  • C:\Windows\ProgramData
  • C:\Windows\ProgramData\calc.exe
  • C:\Windows\SQL
  • C:\Windows\SQL\taskhost.exe
  • C:\Windows\SQL\rem.bat
  • C:\Windows\svchost
  • C:\Windows\svchost\conhost.exe


Payment Instruction File : Read Me.TXT
 
Major Characteristics :
 
  • Offline Encryption
  • Disable system restore (vssadmin delete shadows /All /Quiet)
  • Deletes event log (wevtutil clear-log Application, wevtutil clear-log Security, wevtutil clear-log Setup, wevtutil clear-log System)


More Info HERE

Content lifted from CheckMAL site with permission]]> Redeemer Ransomware (.redeem) (2025. 01. 17. 456)  
AppCheck Anti-Ransomware : Redeemer Ransomware (.redeem) Block Video


Distribution Method : Unknown
 
MD5 : e37a0ece30267233f1dddf3c2300393f
 
Major Detection Name : Ransom:Win32/Redeemer.MK!MTB (Microsoft), Ransom.Win32.REDEEM.YXBLV (Trend Micro)
 
Encrypted File Pattern : .redeem
 
Malicious File Creation Location :
 
  • C:\Windows\ProgramData
  • C:\Windows\ProgramData\calc.exe
  • C:\Windows\SQL
  • C:\Windows\SQL\taskhost.exe
  • C:\Windows\SQL\rem.bat
  • C:\Windows\svchost
  • C:\Windows\svchost\conhost.exe


Payment Instruction File : Read Me.TXT
 
Major Characteristics :
 
  • Offline Encryption
  • Disable system restore (vssadmin delete shadows /All /Quiet)
  • Deletes event log (wevtutil clear-log Application, wevtutil clear-log Security, wevtutil clear-log Setup, wevtutil clear-log System)


More Info HERE

Content lifted from CheckMAL site with permission]]> <![CDATA[AstraLocker v2.0 Ransomware (.AstraLocker)]]> https://www.geeks.fyi/showthread.php?tid=20529 Mon, 27 Jan 2025 09:19:48 +0000 jasonX]]> https://www.geeks.fyi/showthread.php?tid=20529 AstraLocker v2.0 Ransomware (.AstraLocker) (2025. 01. 18. 434)  
AppCheck Anti-Ransomware : AstraLocker v2.0 Ransomware (.AstraLocker) Block Video


Distribution Method : Unknown
 
MD5 : 8db7d5fb5cbdfc0731978261639f01a6
 
Major Detection Name : Ransom:Win32/Babuk.MAK!MTB (Microsoft), Ransom.Win32.BABUK.SMRD1 (Trend Micro)
 
Encrypted File Pattern : .AstraLocker
 
Payment Instruction File : Recover_Your_Files.html
 
Major Characteristics :
 
  • Offline Encryption
  • Babuk Locker / ChiChi Locker / DARKY LOCK / Delta Plus / Pandora / RA Group / Rook Ransomware series
  • Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
  • Block processes execution (excel.exe, firefox.exe, oracle.exe, sql.exe, synctime.exe, thebat.exe etc.)
  • Stop multi services (backup, DefWatch, GxFWD, QBFCService, sophos, veeam etc.)
  • Disable system restore (vssadmin.exe delete shadows /all /quiet)




More Info HERE

Content lifted from CheckMAL site with permission]]> AstraLocker v2.0 Ransomware (.AstraLocker) (2025. 01. 18. 434)  
AppCheck Anti-Ransomware : AstraLocker v2.0 Ransomware (.AstraLocker) Block Video


Distribution Method : Unknown
 
MD5 : 8db7d5fb5cbdfc0731978261639f01a6
 
Major Detection Name : Ransom:Win32/Babuk.MAK!MTB (Microsoft), Ransom.Win32.BABUK.SMRD1 (Trend Micro)
 
Encrypted File Pattern : .AstraLocker
 
Payment Instruction File : Recover_Your_Files.html
 
Major Characteristics :
 
  • Offline Encryption
  • Babuk Locker / ChiChi Locker / DARKY LOCK / Delta Plus / Pandora / RA Group / Rook Ransomware series
  • Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
  • Block processes execution (excel.exe, firefox.exe, oracle.exe, sql.exe, synctime.exe, thebat.exe etc.)
  • Stop multi services (backup, DefWatch, GxFWD, QBFCService, sophos, veeam etc.)
  • Disable system restore (vssadmin.exe delete shadows /all /quiet)




More Info HERE

Content lifted from CheckMAL site with permission]]>