Jump to content

Isn't ESET Internet Security should prevent from Ransomware? Even through there was ESET Internet security installed in the computer, ransomware encrypt my files.

Aniket

By Aniket
in Malware Finding and Cleaning

 Share

Recommended Posts

  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

If you have your system protected against attackers logging in under an administrator account, then the protection against new malware (include ransomware) is excellent. However, if attackers can log in via RDP, pause protection and then run malware (ransomware) undetected, then the primary problem is in unsecured RDP.

Please contact samples[at]eset.com and provide:

- a handful of encrypted files (ideally Office documents)
- the ransomware note (payment info)
- logs collected with ESET Log Collector (ESET must be already installed, activated and updated prior to collecting logs).

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

Some additional important information:

Quote

In addition, the STOP-Djvu Ransomware does the following:

1) leaves behind a software module that steals personal information from browsers and other programs;
2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that helps victims.

For these targets:

1) after checking and cleaning the PC, when it is be confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $).
2) you need to reset or delete the modified hosts file, without it, all legitimate sites will be available to you.

The path to this file is: C:\Windows\System32\drivers\etc\

https://support.emsisoft.com/topic/31789-got-infected-by-gero-ransomware-file-need-decrypt/

Additionally, it appears this variant is not decryptable:

Quote

It's important to note that STOPDecrypter will not be able to help with this newer variant of STOP/Djvu. They've changed the encryption method they use, and STOPDecrypter doesn't support it.

 

Edited by itman
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...