
Hackers are always looking for clever ways to infect users' PCs. Ransomware is the most popular choice these days and has made quite an impact in the public view with the recent attack on the NHS.

This latest trick, Fenrir, is similar to most other encryption-based viruses; however, it uses a different deployment method that aims to trick users into running the application that encrypts the files.

How it Works

A file appears on your computer as an Adobe Reader.exe file. It carries the same name, properties and icon as the genuine Adobe Reader.exe and has very few easy identifiers that mark it as malicious.

When a user clicks this icon, the program encrypts files. After it encrypts a file, it appends the computer's manufacturer physical address to the file name.

How to Avoid

The main issue here is that a user downloads the fake Adobe executable. Ideally, a standard user should not be able to download this file type, so to prevent this you will need to block it on a firewall router.

The user still needs to run the exe. As with most viruses, it is always important to ensure you only download trusted files, keep all firewalls on, and keep antivirus installed and up-to-date.

If you are unsure, most antivirus software can be triggered manually to scan sections of the PC or the entire PC. Running this with an updated antivirus database will provide the best chance of identifying malicious files.
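A copied name, properties and icon do not give a file a valid Adobe Authenticode signature, so the signature is one identifier that can still be checked by hand. The PowerShell script below is an added example, not taken from the referenced article: it lists executables that claim to be Adobe software but are not validly signed by Adobe. The search folders and the `O=Adobe` signer pattern are assumptions to adjust for your environment.

```powershell
# Added example: flag executables that claim to be Adobe software but are not
# validly signed by Adobe. Search roots and the signer pattern are assumptions.
param(
    # Assumed user-writable locations where a downloaded fake would land.
    [string[]]$SearchRoots = @("$env:USERPROFILE\Downloads",
                               "$env:USERPROFILE\Desktop",
                               "$env:TEMP"),
    # Assumed pattern for the organisation field of Adobe's signing certificate.
    [string]$ExpectedSigner = 'O=Adobe'
)

# True when the file name or its version resource presents the file as Adobe's.
function Test-ClaimsAdobe {
    param([System.IO.FileInfo]$File)
    $info = $File.VersionInfo
    return ($File.Name -like '*Adobe*') -or
           ($info.CompanyName -like '*Adobe*') -or
           ($info.ProductName -like '*Adobe*') -or
           ($info.FileDescription -like '*Adobe*')
}

$findings = foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { Test-ClaimsAdobe $_ } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Trusted only if the signature verifies AND the signer matches.
            $trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
            if (-not $trusted) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Claimed   = $_.VersionInfo.CompanyName
                    SigStatus = $sig.Status
                    Signer    = $subject
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Anything listed here claims to be Adobe software without a valid Adobe signature.
$findings | Format-Table -AutoSize -Wrap
```

The wildcard signer match is deliberately loose; pinning the exact certificate subject or thumbprint used by your deployed Adobe build is stricter.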

If the files have been encrypted with the ransomware tool, the data can only be recovered with the private keys or by restoring files from an uninfected backup.

Further Reading

For more information, please visit: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=1057