(‘Companies House’ is the United Kingdom’s registrar of companies)
Thanks for submitting the message to us for inspection:
It is Ransomware indeed. We tested it with the current RansomSaver version and it was marked as Ransomware.
The Companies House logo is quite catchy. I believe some people will definitely enable the content and get infected.
There is code waiting to run and infect your computer…
The criminals registered a fake domain. It looks very real, but it is not!
Don’t forget to keep your macro settings disabled. (Do this on all of your computers.)
See below for a short ‘How To’:
New Ransomware version storming the planet. It comes as a normal Word document:
When you try to open the document you will be asked to update the Word Fields. Even if you have your Macro settings disabled, you will still get this message:
Do not click the Yes button, because there is hidden code waiting to encrypt your files:
New RansomSaver version available! Includes all the latest Ransomware variations.
Also includes a fix for handling .rar and .7z attachments.
When you get this pop-up window in your Outlook, please click the “Yes” button to start the update.
Click the “OK” button to download files from our web site.
If your Outlook does not automatically exit, please close it yourself.
Start the setup process to update RansomSaver.
We came across a new extension that carries Ransomware: .xz
It’s a compressed file similar to .zip and .rar and can be opened by 7zip.
However, our WinZip and WinRar versions were not able to open it.
This is what it looks like:
Ace compressed files were popular around 2000. They can still be opened by modern decompression software. Inside this file there is an executable file ready to encrypt your files and ask for ransom. Don’t open it. Our software will safely move this email under ‘RansomSaver’ folder in ‘Deleted Items’.
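The .xz and Ace posts above both describe an unfamiliar container with an executable inside. The following is an added example, not RansomSaver's code: it identifies the archive formats named here by their leading magic bytes rather than by extension and flags attachments for quarantine. The function names, the quarantine policy and the sample bytes are assumptions constructed for illustration.

```python
import lzma

# (offset, magic bytes) for the archive formats named in these posts.
SIGNATURES = {
    "xz": (0, b"\xfd7zXZ\x00"),
    "7z": (0, b"7z\xbc\xaf\x27\x1c"),
    "rar": (0, b"Rar!\x1a\x07"),
    "zip": (0, b"PK\x03\x04"),
    "ace": (7, b"**ACE**"),
}

def archive_type(data):
    """Return the archive format found in the header bytes, or None."""
    for name, (offset, magic) in SIGNATURES.items():
        if data[offset:offset + len(magic)] == magic:
            return name
    return None

def xz_wraps_executable(data):
    """Decompress only 2 bytes (bomb-safe) and look for the Windows 'MZ' header."""
    try:
        return lzma.LZMADecompressor().decompress(data, max_length=2) == b"MZ"
    except lzma.LZMAError:
        return False

def triage(filename, data):
    """Assumed policy: quarantine disguised archives, ACE, and xz-wrapped executables."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = archive_type(data)
    reasons = []
    if kind and kind != ext:
        reasons.append(f"{kind} archive behind .{ext} extension")
    if kind == "ace":
        reasons.append("legacy ACE archive")
    if kind == "xz" and xz_wraps_executable(data):
        reasons.append("xz stream wraps a Windows executable")
    return {"file": filename, "detected": kind, "quarantine": bool(reasons), "reasons": reasons}

# Constructed sample attachments (not real malware): (name, file bytes).
SAMPLES = [
    ("invoice.xz", lzma.compress(b"MZ" + bytes(62))),
    ("scan.ace", bytes(7) + b"**ACE**" + bytes(16)),
    ("report.doc", b"Rar!\x1a\x07\x00" + bytes(16)),
    ("notes.txt", b"plain text, nothing to flag"),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(triage(name, blob))
```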
New free application added: ShadowReport.
Automate collection of Shadow Copies info and receive a detailed report via email to your mailbox.
Enable Shadow Copy and add an extra layer of recovery against Ransomware.