RegretLocker Ransomware Sample Download

RegretLocker Ransomware Sample Download
RegretLocker uses a special technique to mount the virtual disk file to individually encrypt each of its files. It uses the Windows Virtual Storage API OpenVirtualDisk, AttachVirtualDisk, GetVirtualDiskPhysicalPath to mount virtual disks. Thus, it specifically searches for VHDs and mounts them when found. After the virtual disk is mounted as a physical disk in Windows, It can encrypt each one individually, which increases the encryption speed. In addition to using the Virtual Storage API, RegretLocker also uses the Windows Restart Manager API to terminate Windows processes or services that keep the file open during encryption. It appends .mouse extension to encrypted file names

RegretLocker Ransomware Signatures

Family: Ransom:Win32/FileCrypter.MB!MTB
MD5: 3265b2b0afc6d2ad0bdd55af8edb9b37
SHA256: a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4

RegretLocker Ransomware Download

Download RegretLocker Ransomware Sample