Ransom

What is “Ransom.MedusaLockerCiR”?

Malware Removal

The Ransom.MedusaLockerCiR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Ransom.MedusaLockerCiR virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to delete or modify volume shadow copies
  • Attempts to stop active services
  • Installs itself for autorun at Windows startup
  • CAPE detected the MedusaLocker malware family
  • Attempts to ensure mapped drives are available from an elevated prompt or process with UAC enabled
  • Creates known MedusaLocker ransomware mutexes
  • Uses suspicious command line tools or Windows utilities

How to determine Ransom.MedusaLockerCiR?



File Info:

name: 753585E5E099B192CF8D.mlw
path: /opt/CAPEv2/storage/binaries/e26b2ffb2ee711fc7b04d62911580560794ee4fa9b7fcfade65ee6ff2eed0274
crc32: FC7B9924
md5: 753585e5e099b192cf8d7593dd5ef4bf
sha1: 68c5d6b38c9dd9e9e1e888386025352811147028
sha256: e26b2ffb2ee711fc7b04d62911580560794ee4fa9b7fcfade65ee6ff2eed0274
sha512: de96554eaa3971672f05228d26fc6cbe98c8a5b31d35b21c92256c4dfee24ec81a708d601e0be4b80a0a365f620e4b0582f6fcc950f29df2ed6233c8314494ce
ssdeep: 12288:Z764Gc6NBGBLm9PNqP9urjQ/4K/+OeO+OeNhBBhhBBlmgF6+LK2Ow1APjYHhI3xu:Z763c6NEBa9PNqP9urjQ3bO68OwOLYHG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5D48D21F243E171D47309B44EACAEAA943D7D740B2596FB63C82B2D5A355E04E20FB7
sha3_384: a3f142a2ad79f0805b5a1c4e0d8bfc8209c6fdef08ff799b8ab4eae0710246da5d8c02266c227567e5eef71b07cb28f6
ep_bytes: e8cd040000e97afeffff836104008bc1
timestamp: 2022-05-16 14:10:39


Version Info:

0: [No Data]

Ransom.MedusaLockerCiR also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.DelShad.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Heur.Ransom.REntS.Gen.1
FireEyeGeneric.mg.753585e5e099b192
CAT-QuickHealRansom.MedusaLockerCiR
McAfeeRDN/Ransom
CylanceUnsafe
VIPREGen:Heur.Ransom.REntS.Gen.1
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderGen:Heur.Ransom.REntS.Gen.1
K7GWTrojan ( 0053d3321 )
K7AntiVirusTrojan ( 0053d3321 )
CyrenW32/ABRisk.XKCX-6064
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of Win32/Filecoder.NSF
APEXMalicious
Paloaltogeneric.ml
KasperskyHEUR:Trojan-Ransom.Win32.Generic
AlibabaRansom:Win32/MedusaLocker.f344b410
NANO-AntivirusTrojan.Win32.Encoder.jplofo
AvastWin32:Malware-gen
TencentWin32.Trojan.Filecoder.Afrh
Ad-AwareGen:Heur.Ransom.REntS.Gen.1
EmsisoftGen:Heur.Ransom.REntS.Gen.1 (B)
ComodoMalware@#216968htq14nm
DrWebTrojan.Encoder.35400
ZillyaTrojan.Filecoder.Win32.24574
TrendMicroRansom_MedusaLocker.R002C0DEI22
McAfee-GW-EditionBehavesLike.Win32.Generic.jh
Trapminesuspicious.low.ml.score
SophosMal/Generic-S
SentinelOneStatic AI – Suspicious PE
GDataGen:Heur.Ransom.REntS.Gen.1
JiangminTrojan.DelShad.bzs
WebrootW32.Malware.Gen
AviraHEUR/AGEN.1213030
Antiy-AVLTrojan/Generic.ASMalwS.6769
KingsoftWin32.Troj.Undef.(kcloud)
ArcabitTrojan.Ransom.REntS.Gen.1
ZoneAlarmHEUR:Trojan-Ransom.Win32.Generic
MicrosoftRansom:Win32/MedusaLocker.A!MTB
CynetMalicious (score: 100)
AhnLab-V3Ransomware/Win.Ransom.C5158896
VBA32BScope.Trojan.Garvi
ALYacTrojan.Ransom.Filecoder
MAXmalware (ai score=82)
MalwarebytesMalware.AI.1812541523
TrendMicro-HouseCallRansom_MedusaLocker.R002C0DEI22
RisingRansom.Agent!1.C2C9 (CLASSIC)
IkarusTrojan.Ransom.HorseMagyar
MaxSecureTrojan.Malware.10307848.susgen
FortinetW32/Filecoder.NSF!tr.ransom
BitDefenderThetaGen:NN.ZexaF.34786.MqW@aGiWDAp
AVGWin32:Malware-gen
Cybereasonmalicious.5e099b
PandaTrj/GdSda.A

How to remove Ransom.MedusaLockerCiR?

Ransom.MedusaLockerCiR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment