[Warning] Ransomware is prevalent these days.

1. Introduction

Recently, ransomware that interferes with normal PC use has been booming all over the world, especially in Russia.
Once a PC is infected, responding is tricky and restoring the system to its original state takes a lot of effort, so general users need to be careful when surfing the Internet.
Financially motivated malware using various techniques is prevalent these days and can cause various kinds of damage.

2. Spreading path and symptoms of infection

This malicious file has been spreading all over the world. Although no visible damage has been reported so far in South Korea, this malicious file can infect PCs anywhere in the world and shows the same page.

Ransomware can be spread through downloads from relatively vulnerable web sites that have been tampered with. E-mail attachments, instant messengers, and links on SNS can also be routes for spreading.

The downloaded file is disguised as a video file.

General users can easily be lured by this social engineering technique.

* Comparison of the MBR before and after infection

Earlier ransomware modified the original MBR once it infected a system. The recently found ransomware, unlike those earlier versions, does not modify it.

A "System exit" window can appear when the downloaded malicious file is executed.
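A before/after MBR comparison of the kind referred to above can be done offline on two saved 512-byte sector dumps. The following is an added example, not code from the original post or from INCA Internet; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512  # size of the MBR sector in bytes

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into the regions worth comparing."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        # (status byte, partition type, first LBA, sector count)
        partitions.append((entry[0], entry[4], lba_start, count))
    return {
        "boot_code": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
        "boot_signature_ok": sector[510:512] == b"\x55\xaa",
    }

def compare_mbr(before: bytes, after: bytes) -> list:
    """Return the names of the MBR regions that differ between two dumps."""
    a, b = parse_mbr(before), parse_mbr(after)
    return [name for name in a if a[name] != b[name]]

def sample_mbr(boot_fill: int = 0x90) -> bytes:
    """Constructed sample sector: filler boot code and one active partition."""
    mbr = bytearray(SECTOR)
    mbr[:440] = bytes([boot_fill]) * 440
    mbr[440:444] = b"\x12\x34\x56\x78"
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 2048, 204800)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    baseline = sample_mbr()
    print(compare_mbr(baseline, baseline))          # unchanged sector
    print(compare_mbr(baseline, sample_mbr(0xCC)))  # boot code overwritten
```

An empty result means the sector is unchanged, which is what this post reports for the recently found ransomware. On a real system the two inputs would be the first 512 bytes of the disk saved before and after the incident.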

* System exit status

This system exit status is caused by access to kernel mode in a certain function.
The following figure shows the structure.

The PC reboots "3 seconds" after the system exit window is shown. All the user can do is watch.
Then a window for entering a certain code opens.

The user can only type in the text field and cannot use the rest of the window. To use the PC normally, a certain valid code is required, which is given after sending a certain amount of money to this Russian cellphone number (9872701688).

3. How to prevent

Ransomware shows the user false information such as "All data is encrypted." or "MBR area was destroyed."
In companies, or among users who urgently need their PC, some simply follow the instructions and send money.
Given its malicious nature, various variants can emerge. To use the PC safely from the security threats of these malicious attachments, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
5. Execute downloaded files only after scanning them with anti-virus software.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment with nProtect Anti-Virus/Spyware for malicious files such as the one described above, and runs a response system against various security threats.

Diagnosis name

 - Trojan/W32.Timer.78336

