27 January 25, 09:25
Lilith Ransomware (.lilith) (2025. 01. 04. 660)
AppCheck Anti-Ransomware : Lilith Ransomware (.lilith) Block Video
Distribution Method : Unknown
MD5 : b7a182db3ba75e737f75bda1bc76331a
Major Detection Name : Ransomware/Win.LILITHCRYPT.C5205307 (AhnLab V3), Trojan.Ransom.Lilith.B (BitDefender)
Encrypted File Pattern : .lilith
Payment Instruction File : Restore_Your_Files.txt
Major Characteristics :
- Offline Encryption
- Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
- Block processes execution (agntsvc.exe, dbsnmp.exe, ocssd.exe, oracle.exe, sql.exe, synctime.exe etc.)
More Info HERE
Content lifted from CheckMAL site with permission
![[-]](https://www.geeks.fyi/images/collapse.png)
