Ransomware has become a major problem for both average home PC users and multibillion-dollar corporations. Both face similar threats of having their valuable information stolen, encrypted and infected. The problem is compounded by the fact that, with every passing week, a distinct ransomware appears with abilities that were previously unheard of. Moreover, there are no potent ransomware removal techniques to deal with them either.
Just last week, Zenis left industry experts stunned with its ability to infiltrate the main PC as well as backups. Similarly, in early March, GandCrab was able to transfer itself offline through various channels including speakers and microphones. SamSam ransomware has been able to encrypt the entire server system of the city district headquarters of Atlanta.
AVCrypt is the latest ransomware causing havoc in cyberspace this week. What sets it apart? It can delete your anti-virus before you even realize you’ve been infected with it. Currently, there is no tool to remove ransomware of this kind.
It was discovered this week and has already infected a number of users. Just like most ransomware, AVCrypt does not have unique source code or even distinct back-end programming code. It distributes itself by attaching itself to an external website’s JavaScript code and then begins infecting a user’s PC. This is where AVCrypt becomes truly nefarious.
The first phase of its attack is to quietly begin deleting vital Windows Services. Most home PC users don’t use these services often, so they remain oblivious to the deletion. Finally, when it has left the PC totally vulnerable, it deletes whatever anti-virus the user has on their PC and disables the default Windows Defender.
The peculiarity of this ransomware does not end there. Unlike traditional ransomware attacks, once the PC has been encrypted, there is no automatic ransom note generated. There is widespread speculation about what this malware’s true purpose might be, due to the lack of a proper ransom note. It has not yet been identified which websites this ransomware’s source code attaches itself to.
Some of the essential services that this program deletes include MBAMProtection, Schedule, TermService, WPDBusEnum, WinDefend and MBAMWebProtection. There are undoubtedly other services that are affected by this ransomware, but they have yet to be identified.
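Because the service deletions described above happen quietly, a baseline comparison is one way to notice them. The following PowerShell is an added example, not code from the article or from any vendor: it records the state of the listed services once and reports any that later disappear, become disabled or stop. The baseline path is hypothetical, and "MBAM Protection" is assumed to refer to the service named MBAMProtection.

```powershell
# Added example. Service short names follow the article's list;
# "MBAM Protection" is assumed to be the service named MBAMProtection.
$Watched = 'MBAMProtection', 'MBAMWebProtection', 'Schedule',
           'TermService', 'WPDBusEnum', 'WinDefend'
# Hypothetical baseline location; ideally keep a copy off the host as well.
$BaselinePath = Join-Path $env:ProgramData 'svc-baseline.json'

function Get-ServiceSnapshot {
    param([string[]]$Name)
    foreach ($n in $Name) {
        # Returns nothing (no error) when the service is not registered.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'"
        [pscustomobject]@{
            Name      = $n
            Present   = [bool]$svc
            State     = if ($svc) { $svc.State } else { $null }
            StartMode = if ($svc) { $svc.StartMode } else { $null }
        }
    }
}

function Compare-ServiceSnapshot {
    param($Baseline, $Current)
    foreach ($old in $Baseline) {
        if (-not $old.Present) { continue }   # never installed on this host
        $new = $Current | Where-Object Name -eq $old.Name
        $finding = $null
        if (-not $new.Present) { $finding = 'DELETED' }
        elseif ($new.StartMode -eq 'Disabled' -and $old.StartMode -ne 'Disabled') { $finding = 'DISABLED' }
        elseif ($old.State -eq 'Running' -and $new.State -ne 'Running') { $finding = 'STOPPED' }
        if ($finding) {
            [pscustomobject]@{ Service = $old.Name; Finding = $finding
                               Was = "$($old.State)/$($old.StartMode)" }
        }
    }
}

$current = @(Get-ServiceSnapshot -Name $Watched)
if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written to $BaselinePath"
} else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $findings = @(Compare-ServiceSnapshot -Baseline $baseline -Current $current)
    if ($findings.Count) { $findings | Format-Table -AutoSize }
    else { Write-Output 'All baselined services are present and in their recorded state.' }
}
```

A service that was never installed on a host is skipped, so only a change from the recorded baseline is reported.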
For assistance with file recovery and ransomware removal, please contact MonsterCloud, cyber security experts, for professional ransomware removal.