RegretLocker uses a special technique to mount the virtual disk file to individually encrypt each of its files. It uses the Windows Virtual Storage API OpenVirtualDisk, AttachVirtualDisk, GetVirtualDiskPhysicalPath to mount virtual disks. Thus, it specifically searches for VHDs and mounts them when found. After the virtual disk is mounted as a physical disk in Windows, It can encrypt each one individually, which increases the encryption speed. In addition to using the Virtual Storage API, RegretLocker also uses the Windows Restart Manager API to terminate Windows processes or services that keep the file open during encryption. It appends
.mouse extension to encrypted file names
RegretLocker Ransomware Signatures
Family: Ransom:Win32/FileCrypter.MB!MTB
MD5: 3265b2b0afc6d2ad0bdd55af8edb9b37
SHA256: a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4
RegretLocker Ransomware Download
