This ransomware arrives via email. The purpose of these threats is to extort money from victims with the promise of restoring encrypted data. The ransomware encrypts files with the RSA-2048 and AES-128 ciphers and demands a ransom for decryption. This type of malware also comes as highly obfuscated JavaScript (a file with the .JS extension) inside an archive attached to a spam mail, usually pretending to be an official document. Opening such an attachment is enough to get the system compromised with ransomware.
This virus can also spread via file sharing services and social networking sites, which may contain similar attachments and files presented to you as useful or important, such as an update. As the number of incidents of computer systems getting infected by this ransomware is on the rise, and almost all of the reported cases are from the Indian subcontinent, we at eScan are issuing an advisory so that a further outbreak can be prevented. The encrypted data cannot be decrypted or recovered, as the RSA keys are stored on a hidden server. There are claims of paid alternatives, but the success rate is minimal.
eScan advises you to follow the steps given below:
- If data has been encrypted by ransomware, do not pay the ransom at any cost!
- Isolate the affected system from your network.
- Restore the encrypted files from the backup or from a system restore point (if enabled).
- Install and configure eScan with all security modules active:
  - eScan Real Time Monitoring
  - eScan Proactive protection
  - eScan Firewall IDS/IPS intrusion prevention
- Restrict users to accessing email only through a mail client, and block access to email via any browser.
- Do not enable macros in documents received as attachments via email.
- Do not open attachments received from unsolicited sources.
- Deploy and maintain a backup solution.
- And last, but most important, protect the mail server at the gateway level with MailScan to prevent delivery of such suspicious emails.