After recent activity and research around the world, ESET has managed to detect a malicious downloader under the name Nemucod and warns users about an increased number of infected emails containing a malicious attachment, which downloads and installs ransomware onto an infected device.
When opened, it encrypts victims’ files on their PCs and requires a ransom for decryption. This downloader is wide-spread via emails, which contain attached zipped files.
“Nemucod currently downloads mainly ransomware, for example TeslaCrypt or Locky. These encrypt the data on the victim’s computer and demand ransom,” says Carey van Vlaanderen, MD of ESET Southern Africa.
Both TeslaCrypt and Locky ransomware use encryption standards similar to those used by financial institutions when securing online payments.
The virus has been detected in Europe, North America, Australia and Japan – South Africa is prone to receiving such threats as well.
Here are a few tips on how to protect yourself against this threat:
• Do not open attachments sent to you in emails from unknown senders.
• Warn colleagues who most frequently receive emails from external sources – for instance financial departments or human resources.
• Regularly backup your data. In case of infection, this will help you recover all your data. An external disc or other storage should not remain connected to computer in order to avoid infection by filecoder.
• Regularly install updates of your OS and other software you use. If you still use Windows XP, seriously consider moving to other, supported operating system of Windows.
• Security software must also be used with all updates installed, ideally with the latest version. IT security vendors are packing new versions of their software with additional security features.
• Users of ESET solutions are protected when ESET LiveGrid Reputation System is turned on. This technology protects users’ devices against ransomware by actively blocking their processes.