New Ransomware That Encrypts Only EXE Files on Windows Machines

[Sept 04, 2018]

A new ransomware has been found that encrypts only EXE files present in your computer including the ones presented in the windows folder, which typically other ransomware won’t do to ensure the operating system function correctly.

According to Bleeping Computer analysis, it scans the computer for the presence of .exe files to make it unusable. It also terminates the process related with Antivirus such as Kaspersky, McAfee, and Rising Antivirus.

The ransomware also encrypts the registry keys that associated with the EXE file to run every time when someone launches the application.

As with any other ransomware, it doesn’t show’s any Ransomed amount instead it asks victim’s to send an email to “2200287831@qq.com” for payment details.

Cyber Security Tips: 

If you’re Infected:

  • Disconnect the Network.
  • Determine the Scope.
  • Understand the version or Type of Ransomware.
  • Determine the Strains of Ransomware.

Mitigation:

  • Use Strong Firewall to block the command & control server callbacks.
  • Scan all your emails for malicious links, content, and attachment.
  • Block the adds and unnecessary web content.
  • Enforce access control permission.
  • Take regular backups of your data.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: