
5/18/2011

[Warning] How to respond to ransomware

1. Introduction

Recently, ransomware, which displays false information and demands money to repair the PC, has been spreading widely.
Once a PC is infected, the ransomware locks Windows.
To use Windows again, the user is told to pay for a key that releases the lock.
We hope this post helps you use Windows without the threat of this ransomware.

2. Spreading path and symptoms of infection

Ransomware can spread via vulnerable websites, e-mail attachments, instant messengers, and SNS (social network services).

Once infected, it "LOCKS" Windows and does not allow Windows to be used until certain steps are taken, as shown in the following figures.



The lock screen shows a form for entering a 10-digit key, which is to be received after paying a certain amount of money.
This lock screen is not removed by rebooting.

3. How to respond

The steps below show how to remove this ransomware.

◆ How to treat

1) Press "F8" while booting and start Windows in "safe mode".


2) In Windows, select "Start" -> "Run" and enter "regedit".

3) Remove the registry value at the following path.

- Name : [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Data : C:\Documents and Settings\(user account)\Application Data\Microsoft\explorer.exe

4) Go to the following path and remove the malicious file.

- Path : C:\Documents and Settings\%username%\Application Data\Microsoft
- File Name : explorer.exe

5) Reboot to complete the treatment.
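
The check behind steps 3 and 4, written as a read-only PowerShell audit. This is an added example, not a tool from the original post. The function names `Get-ImagePath` and `Test-FakeExplorer` are hypothetical, and the script assumes PowerShell 3.0 or later and that the genuine shell lives under %SystemRoot%.

```powershell
# Audit the per-user Run key for the entry described in step 3: an autostart
# value whose data points at an explorer.exe outside the Windows directory.
# Read-only: it reports findings and deletes nothing.

$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-ImagePath {
    param([string]$CommandLine)
    # Run data may be quoted and may carry arguments; keep only the executable path.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)\b')  { return $Matches[1] }
    return $expanded
}

function Test-FakeExplorer {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $false }
    # The genuine shell is under %SystemRoot%; an explorer.exe registered for
    # autostart from anywhere else (such as Application Data) is suspect.
    $leaf      = Split-Path -Path $ImagePath -Leaf
    $inWindows = $ImagePath.StartsWith($env:SystemRoot,
                     [StringComparison]::OrdinalIgnoreCase)
    return ($leaf -ieq 'explorer.exe') -and (-not $inWindows)
}

$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if (-not $key) {
    Write-Output 'Run key not present for this user.'
    return
}

foreach ($name in $key.GetValueNames()) {
    $data  = [string]$key.GetValue($name)
    $image = Get-ImagePath $data
    if (Test-FakeExplorer $image) {
        # One object per suspicious autostart entry.
        [pscustomobject]@{
            ValueName  = $name
            Data       = $data
            FileExists = Test-Path -LiteralPath $image
        }
    }
}
```

Any row it prints corresponds to the value to delete in step 3, and `FileExists` shows whether the file from step 4 is still on disk.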
  
4. How to prevent

This kind of ransomware can cause not only data damage but also financial loss.
Because many variants are likely to emerge, users should protect themselves from this ransomware by following the “Security management tips” below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above and runs a 24-hour response system against various security threats.
