Just when one would think that an antivirus is the answer to all malware issues, comes AVCrypt. This new ransomware hits straight at the antivirus that is loaded in your PC. It uninstalls the same before encrypting a victim’s files.
AVCrypt: Its Origins
Obviously, no one can pinpoint its exact origin source. But, the only thing that seems to work in our favor is that, there are still very few examples of the same. If this is just a trial version being sent out before a larger, more detailed malware is sent out, we shall never know. But, one can be sure that with it, we stand to lose precious data.
AVCrypt: Its Operation
Notoriously difficult to detect, it detects and deletes the Antivirus on the system and gets to work. A pop up on the screen notifies the user of the ransomware presence. It threatens to delete all data and in turn demand ransom. It is saved on the PC as “+HOW_TO_UNLOCK.txt,” its contents is a simple ‘LOL n”.
There is no information on how to go about the decryption process or any contact information.
Furthermore, apart from the encryption, it also deletes a selection of the Windows services. Due to this deletion, it becomes rather difficult to override the message and shut down the PC.
The Windows services which it deletes are TermService, WinDefend, MBAMProtection, MBAMWebProtection amongst others. Due to this process, there is service degradation. These services are required to run a PC properly. Once deletion has occurred, the malware scans the data that it wants to encrypt. As it does so, it even ends up changing the names of the files.
AVCrypt: The Deal It Delivers
Researchers say, “This ransomware is quite destructive to an infected computer, yet at the same time does appear to upload the encryption key to a remote server. Therefore, it is not known whether this is a true ransomware or a wiper disguised as one.”
Well,they aren’t wrong, because once the encryption is complete, AVCrypt delivers a final trick up its sleeve. It activates a batch file. This file undertakes the cleanup of all the dropped files. It clears the event logs, hiding all traces of its process. To top it all, it manages to delete its entry from the Autorun registry settings.
There is a good chance, that every PC has malware hidden in its memory. This prevents all antivirus programs, from working on the PC.
One of the solutions in such a scenario is changing one’s browser. Usually malware affect one’s browser and disable it. So, you usually use Chrome, switch to Firefox or Safari instead.
Another option one can utilize is by using a removable media. Back up all your precious data on to USB drives or CDs or DVDs. This way even if the antivirus fails one can save their precious data from the malicious attack.
This option is bit tricky but is highly affective. One can start their OS Windows in Safe Mode. It is the shortest way of accessing one’s data on an encrypted PC to access one’s data.
Must Read : 5 Best Ransomware Protection Tools For Windows
All these steps help one defend their data against the onslaught of ransomware and malware which we hope we were protected from by antivirus of our choice.