Among these ransomwares, a peculiar ransomeware disguised as a QuickTime player has appeared.
Damage case hasn't reported in South Korea so far, however, for preventing its financial damage, we need to be careful on using internet.
2. Spreading path and symptoms of infection
Previously found ransomware was disguised as various types of application, recently found ransomware was masqueraded as a QuickTime player.
Besides, it adopted digital signature of "Avira", one of famous anti-virus SW company.
This ransomware can be injected tampered web page or can be spread as a attachment of e-mail.
Link on messenger or SNS also can be possible.
Since this ransomware has similar icon and file name to QuickTime player's, general users can be easily induced. Furthermore, once infected this ransomware, following run screen will appear.
3. How to prevent
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.