Are You Hit by Ransomware?

7/25/2019 Are You Hit by Ransomware?

1/6

Are you hit by the Ransomware

Anti-Virus & Content Security

Version No.: eML-1.0.0 www.escanav.com


2/6

Mumbai, January 20, 2015: eScan, one of the leading Anti-Virus and Content SecuritySolution providers warns IT users of a Ransomware that has been creating havoc in theIndian sub-continent since January 19, 2015 evening IST. The Ransomware has thecapability to encrypt all the user document files stored in the systems that are infectedby it. Further to which, it demands Ransom to decrypt them.

How could this happen?

eScan detects this as Trojan.Agent.BHHK. This Ransomware enters into the systemthrough an email by masquerading as a FAX receipt / pages. It then compels users tosave the attached compressed file and execute the file contained within it, in order toview the FAX. The file when executed encrypts all the user document files and asks for aransom.

One of the malicious emails has been re-produced as below:

Are you hit by the Ransomware ?

Anti-Virus & Content SecurityAnti-Virus & Content Security

www.escanav.com

1.

Image 1 How the malicious email looks like.


3/6


www.escanav.com

2.

Image 2 - The executable file which exists within the compressed file.

Image 3 Message displayed demanding Ransom after the system isinfected and the documents are encrypted.

It is to be noted that in near future, cyber criminals may choose to changethe icon of the executable in order to make it look like a Word Document or

a PDF file. As the number of incidents of computer systems getting infectedby this Ransomware is on rise and almost all of the reported cases are fromthe Indian Sub-Continent, we at eScan are issuing an advisory so thatfurther infections are prevented.


4/6


www.escanav.com

3.

Do not save / open attachments which are specifically related to FAXreceipts.

Exercise caution while handling emails whose subject contains the wordFAX / pages.

Be wary of opening emails from unknown sources.

Update your Anti-virus software. Ensure that mail gateways are properly

fortified with the blocking and scanning mechanisms.Take regular backups of the Files that are important or are regularly

opened by you.

How to avoid this?Here are few preventive steps that eScan suggests for end users and

administrators:

How eScan Secures your PC The Provisions made in eScan

New algorithms have been added in the registry which enables themonitor to block suspicious emails.

eScan will prevent opening any attachment with ZIP and CAB havingSCR or PIF file in it. All files containing ZIP, CAB or EXE files that are evenless then 1 MB will be prevented from opening.

It is supported on Email Clients only. Browser based Email clients are notsupported currently.

Password protected files will not be scanned or checked.

eScan is equipped with the following options to combat CTB Locker

eScan maintains and regularly updates a list of block listed domains, thatspread malware infection and viruses or, are itself infected. User Accessto such domains is automatically blocked by eScan.

Active Virus Control eScan blocks applications that try to open certaintype of files on user computer.

Advanced Cloud Protection with eScan Security Network -

eScan's Cloud Protection module identifies new threats faster with

global threat intelligence engine and immediately responds tolatest threats.

Monitors the internet round the clock for malware outbreaks andthreats.


5/6


www.escanav.com

4.

About eScaneScan, one of the leading Anti-Virus & Content Security solutions forDesktops, Smartphones and Servers, is developed and marketed byMicroWorld. It is powered by innovative and futuristic technologies, such asMWL Technology, DIRC Technology, NILP Technology, and sophisticatedAnti-Virus Heuristic Algorithms that not only provides protection fromcurrent threats, but also provides proactive protection against evolvingthreats. eScan provides 24x7 free remote support facility, integrated in thesoftware to help customers to get their malware related issues resolved inthe fastest possible time-frame. It has achieved several certifications andawards from some of the most prestigious testing bodies, notable amongthem being AV-Comparatives, Virus Bulletin, AV-Test, ICSA, and PCSL labs.Combining the power of various innovative technologies, eScan providesMulti-level Real-time Protection to digital devices and Networks. For moreinformation, visit www.escanav.com.


6/6


www.escanav.com

5

Germany:MicroWorld Technologies GmbHDrosselweg 1,76327 Pfinztal,Germany.

Tel: +49 72 40 94 49 0920Fax: +49 72 40 94 49 0992

E-mail: [email protected] site: www.escanav.de

India:MicroWorld Software Services Pvt. Ltd.CIN No.:U72200MH2000PTC127055Plot No.80, Road No.15, MIDC,Marol, Andheri (E),Mumbai- 400 093, India.

Tel: +91 22 6772 2900Fax: +91 22 2830 4750Toll Free No: 1800 267 2900

E-mail: [email protected] site: www.escanav.com

USA:MicroWorld Technologies Inc.31700 W 13 Mile Rd, Ste 98Farmington Hills, MI 48334,USA.

Tel: +1 248 855 2020/2021Fax: +1 248 855 2024.TOLL FREE: 1-877-EZ-VIRUS(USA Only)


Our Offices

Malaysia:MicroWorld Technologies SdnBhd.(722338-A)E-8-6, Megan Avenue 1,189, Jalan Tun Razak,50400 Kuala Lumpur, Malaysia.


Tel: +603 2333 8909 / 8910Fax: +603 2333 8911

South Africa:MicroWorld Technologies SouthAfrica (Pty) Ltd.376 Oak Avenue, Block C(Entrance at 372 Oak Avenue),Ferndale, Randburg, Gauteng,South Africa.

E-mail: [email protected] site: www.escan.co.za

Tel: Local 08610 eScan (37226)International: +27 11 781 4235Fax: +086 502 0482

Brasil:eScan Brasil LtdaRua Augusta, 1836 - 7o AndarCEP 01412-000 - So Paulo - SPBrasil.

E-mail: [email protected] site: www.escanbr.com.br

Tel: +55 11 4063 6500Fax: +086 502 0482

Mexico:eScan MexicoManzana 3, SuperManzana 505,Lote 13, Fraccionamiento Pehaltun,C.P. 77533, Cancun, Quintana Roo,Mexico.

E-mail: [email protected] site: www.escanav.com.mx

Tel: +52 998 9893157

Are You Hit by Ransomware?

Documents

Transcript of Are You Hit by Ransomware?