
AVCrypt ransomware attempts to eradicate your antivirus

The malware attempts to take your antivirus products out of the equation before locking systems.

A new type of ransomware which tries to uninstall security software on victim PCs has been discovered in the wild.

The ransomware, dubbed AVCrypt, was first discovered by MalwareHunterTeam and later analyzed by security professionals at Bleeping Computer.

According to an analysis of the malware, AVCrypt not only attempts to remove existing antivirus products before encrypting a compromised computer but also deletes a selection of Windows services.

Researchers Lawrence Abrams and Michael Gillespie say that the ransomware “attempts to uninstall software in a way that we have not seen before,” which marks the malware as unusual.

The true purpose of the malware, which appears to be ransomware based on its capabilities, is also in question, as some elements appear unfinished. There are elements of encryption but no true ransom note, and together with AVCrypt's deletion of services, it is possible the malware may also be used as a wiper.

It is not yet known how AVCrypt targets victims. However, when the malicious code executes on a victim’s PC, the malware will first attempt to remove security software by targeting Windows Defender and Malwarebytes, or by specifically querying for other antivirus software before attempting to uninstall the programs.

In order to eradicate AV products, the ransomware deletes Windows services which are required for the protective services to run properly, including MBAMProtection, Schedule, TermService, WPDBusEnum, WinDefend, and MBAMWebProtection.

The malware then checks to see if any antivirus software is registered with the Windows Security Center and deletes these details through the command line.
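The two behaviours just described, deleting the services that security products depend on and enumerating what is registered with the Windows Security Center, are both visible to a defender who logs process creation. The following is an added example, not code from the article or from the researchers it cites, showing how such a detection could look: it parses a handful of constructed process-creation records (the `key=value` layout, the `sc`/`net stop` command shapes and the Security Center WMI query are assumptions for the example, not taken from an AVCrypt sample) and flags anything that touches the service names the article lists. A second helper compares a host's service inventory against that list, which is the after-the-fact symptom the researchers describe.

```python
import re
from dataclasses import dataclass

# Services the article reports AVCrypt deleting. On a host running
# Windows Defender and Malwarebytes a defender expects all of these to exist.
WATCHED_SERVICES = {
    "MBAMProtection", "Schedule", "TermService",
    "WPDBusEnum", "WinDefend", "MBAMWebProtection",
}
_WATCHED_LOWER = {s.lower() for s in WATCHED_SERVICES}

# Command shapes below are assumed typical Windows tooling for this example,
# not commands observed in the malware.
SERVICE_DELETE_RE = re.compile(r"\bsc(?:\.exe)?\s+(delete|stop)\s+(\S+)", re.IGNORECASE)
NET_STOP_RE = re.compile(r"\bnet(?:\.exe)?\s+stop\s+(\S+)", re.IGNORECASE)
# Security Center registrations live in the root\SecurityCenter2 WMI namespace
# (AntiVirusProduct class); any process querying it is worth a look.
SECURITY_CENTER_RE = re.compile(r"root\\SecurityCenter2?|AntiVirusProduct", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int   # 1-based index of the record that triggered the rule
    rule: str      # which rule fired
    detail: str    # human-readable context for the analyst


def parse_event(line: str) -> dict:
    """Parse a constructed 'key=value key="quoted value"' process-creation record."""
    fields = {}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', line):
        fields[key] = value.strip('"')
    return fields


def analyze_events(lines):
    """Return a Finding for every record that removes/stops a watched service
    or enumerates Security Center registrations."""
    findings = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        cmd = ev.get("CommandLine", "")
        image = ev.get("Image", "?")
        m = SERVICE_DELETE_RE.search(cmd)
        if m and m.group(2).lower() in _WATCHED_LOWER:
            findings.append(Finding(n, f"service-{m.group(1).lower()}", f"{m.group(2)} via {image}"))
        m = NET_STOP_RE.search(cmd)
        if m and m.group(1).lower() in _WATCHED_LOWER:
            findings.append(Finding(n, "service-stop", f"{m.group(1)} via {image}"))
        if SECURITY_CENTER_RE.search(cmd):
            findings.append(Finding(n, "securitycenter-enum", cmd))
    return findings


def missing_watched_services(inventory):
    """inventory maps service name -> state as reported by the host.
    Returns the watched services that are absent, i.e. already deleted."""
    present = {name.lower() for name in inventory}
    return sorted(s for s in WATCHED_SERVICES if s.lower() not in present)


# Constructed sample records; the paths and command lines are illustrative only.
SAMPLE_EVENTS = [
    'EventID=1 Image=C:\\Windows\\System32\\svchost.exe CommandLine="svchost.exe -k netsvcs"',
    'EventID=1 Image=C:\\Windows\\System32\\sc.exe CommandLine="sc delete WinDefend"',
    'EventID=1 Image=C:\\Windows\\System32\\sc.exe CommandLine="sc stop MBAMProtection"',
    'EventID=1 Image=C:\\Windows\\System32\\wbem\\WMIC.exe '
    'CommandLine="wmic /namespace:\\\\root\\SecurityCenter2 path AntiVirusProduct get displayName"',
    'EventID=1 Image=C:\\Windows\\System32\\sc.exe CommandLine="sc delete MyOwnService"',
]

if __name__ == "__main__":
    for f in analyze_events(SAMPLE_EVENTS):
        print(f"record {f.line_no}: {f.rule}: {f.detail}")
    print("missing:", missing_watched_services({"WinDefend": "Running", "Schedule": "Running"}))
```

Running the block flags records 2, 3 and 4 and ignores the deletion of an unwatched service, which keeps the rule from firing on routine administration; the inventory check is the complement, useful on hosts where command-line logging was not enabled before the incident.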

During tests, however, the researchers say that the malware was unable to remove Emsisoft antivirus software through these techniques.

Whether or not the deletion of Windows services to hamper AV protections would work with other solutions is unknown.

The wiper-like behaviour does not completely destroy a Windows installation, but deleting these services will likely cause service degradation.

Once this stage is complete, AVCrypt uploads an encryption key to a Tor location along with system information and the timezone. The malware then scans for files to encrypt, renaming them in the process.

The ransom note, saved as “+HOW_TO_UNLOCK.txt,” does not contain any decryption instructions or contact information; instead, there is what appears to be placeholder “lol n” text.

It appears that the ransomware is in development stages, and while there is a tenuous link between AVCrypt and a recent attack on a Japanese university, it is not known whether the malware was responsible.

Microsoft told the publication that only two samples of this malware have been detected, and the company also believes that AVCrypt is not yet complete.

“This ransomware is quite destructive to an infected computer, yet at the same time does appear to upload the encryption key to a remote server,” the researchers say. “Therefore, it is not known whether this is a true ransomware or a wiper disguised as one.”
