Lately, we’ve been seeing a huge number of Filecoder outbreaks all around the globe – a trend that puts a lot of pressure on businesses, as customers, even those on competitor endpoint security solutions, usually request a file decryption service from us. Apparently, lots of new and more complex Filecoder variants show up on a daily basis due to many factors, ranging from human sabotage to poor configuration and management of security solutions, etc.
ESET is more than happy to inform you that we can decrypt affected files in the case of any incident from a new and/or unknown variant, subject, however, to certain terms and conditions.
As malware developers are getting better at developing more complex Filecoders and data retrieval is getting even more difficult, prevention is more important than ever before – best practice is to use a backup solution along with a properly configured ESET antivirus solution in order to maximize the antivirus protection level and, of course, to avoid infection in general.
IT administrators should always adopt and follow these practices:
Keep the antivirus product version up to date (current ESET Endpoint Solution version: ‘6.4.29’).
Keep HIPS, Advanced Memory Scanner and Exploit Blocker enabled - these newly designed ESET algorithms strengthen protection against malware that has been designed to evade detection by antimalware products through the use of obfuscation and/or encryption.
Keep LiveGrid enabled - in many cases, a product with LiveGrid enabled may respond faster to new threats than a standard virus signature database update. Additionally, it’s always good to test whether the LiveGrid feature works properly; you can test LiveGrid using CloudCar, which is available at the AMTSO website: http://www.amtso.org/feature-settings-check-cloud-lookups/
Minimize the risk of malware attack - do not disable User Account Control (UAC). Do not open suspicious attachments that purport to be a fax, invoice or receipt, that have a suspicious name, or that you did not expect at all.