Sunteți pe pagina 1din 6
Anti-Virus & Content Security
Anti-Virus & Content Security

Are you hit by the Ransomware ?

Version No.: eML-1.0.0

www.escanav.com

Anti-VirusAnti-Virus && ContContentent SecuritySecurity Are you hit by the Ransomware ? Mumbai, January 20, 2015:

Anti-VirusAnti-Virus && ContContentent SecuritySecurity

Are you hit by the Ransomware ?

Mumbai, January 20, 2015: eScan, one of the leading Anti-Virus and Content Security Solution providers warns IT users of a Ransomware that has been creating havoc in the Indian sub-continent since January 19, 2015 evening IST. The Ransomware has the capability to encrypt all the user document files stored in the systems that are infected by it. Further to which, it demands Ransom to decrypt them.

How could this happen?

eScan detects this as Trojan.Agent.BHHK. This Ransomware enters into the system through an email by masquerading as a FAX receipt / pages. It then compels users to save the attached compressed file and execute the file contained within it, in order to view the FAX. The file when executed encrypts all the user document files and asks for a ransom.

One of the malicious emails has been re-produced as below:

One of the malicious emails has been re-produced as below: Image 1 – How the malicious

Image 1 – How the malicious email looks like.

www.escanav.com

1.

Anti-VirusAnti-Virus && ContContentent SecuritySecurity Image 2 - The executable file which exists within the

Anti-VirusAnti-Virus && ContContentent SecuritySecurity

&& ContContentent SecuritySecurity Image 2 - The executable file which exists within the

Image 2 - The executable file which exists within the compressed file.

The executable file which exists within the compressed file. Image 3 – Message displayed demanding Ransom

Image 3 – Message displayed demanding Ransom after the system is infected and the documents are encrypted.

It is to be noted that in near future, cyber criminals may choose to change the icon of the executable in order to make it look like a Word Document or a PDF file. As the number of incidents of computer systems getting infected by this Ransomware is on rise and almost all of the reported cases are from the Indian Sub-Continent, we at eScan are issuing an advisory so that further infections are prevented.

www.escanav.com

2.

Anti-VirusAnti-Virus && ContContentent SecuritySecurity How to avoid this? Here are few preventive steps that

Anti-VirusAnti-Virus && ContContentent SecuritySecurity

How to avoid this? Here are few preventive steps that eScan suggests for end users and administrators:

—Do not save / open attachments which are specifically related to FAX receipts.

—Exercise caution while handling emails whose subject contains the word FAX / pages.

—Be wary of opening emails from unknown sources.

—Update your Anti-virus software. Ensure that mail gateways are properly fortified with the blocking and scanning mechanisms.

—Take regular backups of the Files that are important or are regularly opened by you.

How eScan Secures your PC –The Provisions made in eScan

—New algorithms have been added in the registry which enables the monitor to block suspicious emails.

—eScan will prevent opening any attachment with ZIP and CAB having SCR or PIF file in it. All files containing ZIP, CAB or EXE files that are even less then 1 MB will be prevented from opening.

—It is supported on Email Clients only. Browser based Email clients are not supported currently.

—Password protected files will not be scanned or checked.

eScan is equipped with the following options to combat CTB Locker

—eScan maintains and regularly updates a list of block listed domains, that spread malware infection and viruses or, are itself infected. User Access to such domains is automatically blocked by eScan.

—Active Virus Control – eScan blocks applications that try to open certain type of files on user computer.

—Advanced Cloud Protection with eScan Security Network -

—eScan's Cloud Protection module identifies new threats faster with global threat intelligence engine and immediately responds to latest threats.

—Monitors the internet round the clock for malware outbreaks and threats.

www.escanav.com

3.

Anti-VirusAnti-Virus && ContContentent SecuritySecurity About eScan eScan, one of the leading Anti-Virus &

Anti-VirusAnti-Virus && ContContentent SecuritySecurity

About eScan eScan, one of the leading Anti-Virus & Content Security solutions for Desktops, Smartphones and Servers, is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provides protection from current threats, but also provides proactive protection against evolving threats. eScan provides 24x7 free remote support facility, integrated in the software to help customers to get their malware related issues resolved in the fastest possible time-frame. It has achieved several certifications and awards from some of the most prestigious testing bodies, notable among them being AV-Comparatives, Virus Bulletin, AV-Test, ICSA, and PCSL labs. Combining the power of various innovative technologies, eScan provides Multi-level Real-time Protection to digital devices and Networks. For more information, visit www.escanav.com.

www.escanav.com

Real-time Protection to digital devices and Networks. For more information, visit www.escanav.com. www.escanav.com 4 .

4.

Our Offices

USA:

MicroWorld Technologies Inc.

31700 W 13 Mile Rd, Ste 98

Farmington Hills, MI 48334, USA.

Tel:

+1 248 855 2020/2021

Fax:

+1 248 855 2024.

TOLL FREE: 1-877-EZ-VIRUS (USA Only)

E-mail: sales@escanav.com Web site: www.escanav.com

Malaysia:

MicroWorld Technologies Sdn Bhd.

(722338-A)

E-8-6, Megan Avenue 1, 189, Jalan Tun Razak,

50400

Kuala Lumpur, Malaysia.

Tel:

+603 2333 8909 / 8910

Fax:

+603 2333 8911

E-mail: sales@escanav.com Web site: www.escanav.com

Mexico:

eScan Mexico Manzana 3, SuperManzana 505, Lote 13, Fraccionamiento Pehaltun, C.P. 77533, Cancun, Quintana Roo, Mexico.

Tel:

+52 998 9893157

E-mail: ventas-la@escanav.com Web site: www.escanav.com.mx

www.escanav.com

Web site: www.escanav.com.mx www.escanav.com Anti-VirusAnti-Virus && ContContentent

Anti-VirusAnti-Virus && ContContentent SecuritySecurity

India: Germany: MicroWorld Software Services Pvt. Ltd. CIN No.:U72200MH2000PTC127055 Plot No.80, Road No.15, MIDC,
India:
Germany:
MicroWorld Software Services Pvt. Ltd.
CIN No.:U72200MH2000PTC127055
Plot No.80, Road No.15, MIDC,
Marol, Andheri (E),
Mumbai- 400 093, India.
MicroWorld Technologies GmbH
Drosselweg 1,
76327 Pfinztal,
Germany.
Tel:
Tel:
+91 22 6772 2900
+91 22 2830 4750
Fax:
+49 72 40 94 49 0920
+49 72 40 94 49 0992
Fax:
Toll Free No: 1800 267 2900
E-mail: sales@escanav.com
Web site: www.escanav.com
E-mail: sales@escanav.de
Web site: www.escanav.de

South Africa:

MicroWorld Technologies South Africa (Pty) Ltd. 376 Oak Avenue, Block C (Entrance at 372 Oak Avenue), Ferndale, Randburg, Gauteng, South Africa.

Tel:

International: +27 11 781 4235

Fax:

E-mail: sales@escan.co.za Web site: www.escan.co.za

Local 08610 eScan (37226)

+086 502 0482

Brasil:

eScan Brasil Ltda

Rua Augusta, 1836 - 7o Andar CEP 01412-000 - São Paulo - SP Brasil.

Tel:

+55 11 4063 6500

Fax:

+086 502 0482

E-mail: vendas@escanbr.com.br Web site: www.escanbr.com.br

5.