The company exchanges multiple emails every day with its partners and with new aspiring clients.
Because of the large number of emails and a lack of time, staff were opening all incoming email without first inspecting it to see whether it was safe.
In many cases emails with ransomware were opened and our client's computers got infected.
Ransomware is a new generation of viruses that encrypt the computer's files so the user can no longer access them.
Hackers then ask victims to pay a ransom in order to decrypt the infected files.
Our client, having fallen victim to this infection several times and paid large amounts of money to decrypt the company's important data, decided to ask for our help.
We created an application called RansomSaverGuard. The application first creates 4 hidden files in each default folder: My Pictures, My Documents, My Desktop, and one more location that can be selected by the user.
Then it monitors these files at regular intervals for any attempt to change them.
If the computer gets infected with ransomware, as soon as the ransomware tries to encrypt one of the files that RansomSaverGuard has created, the application immediately shuts down the computer,
preventing further spread of the ransomware infection, and then makes it impossible to log in or access the system until the damage is repaired.
Upon infection, RansomSaverGuard sends out an email to the company's technicians, informing them about the incident.
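The decoy-file check described above, sketched in Python as an added example (this is not RansomSaverGuard's own code). It assumes one decoy per folder, a hypothetical file name `rsg_canary.docx`, and a SHA-256 comparison as the change test; the files are not marked hidden here, and the shutdown and email steps are left to the `on_tamper` callback.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_canaries(folders, name="rsg_canary.docx"):  # hypothetical decoy name
    """Write one decoy per folder; return the {path: sha256} baseline."""
    baseline = {}
    for folder in folders:
        path = Path(folder) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(f"Constructed decoy content for {path.parent.name}\n" * 50)
        baseline[path] = sha256_of(path)
    return baseline

def check_canaries(baseline):
    """Return (path, reason) for every decoy that no longer matches."""
    alerts = []
    for path, expected in baseline.items():
        try:
            if sha256_of(path) != expected:
                alerts.append((path, "modified"))
        except FileNotFoundError:  # encryptors often rename or delete the file
            alerts.append((path, "missing"))
    return alerts

def monitor(baseline, on_tamper, interval=5.0, rounds=None):
    """Poll at a fixed interval; pass the first alerts to on_tamper and stop."""
    while rounds is None or rounds > 0:
        alerts = check_canaries(baseline)
        if alerts:
            return on_tamper(alerts)  # e.g. email technicians, then shut down
        rounds = None if rounds is None else rounds - 1
        time.sleep(interval)

def demo():
    # Constructed run in a temp directory: clean check, then two tampered decoys.
    with tempfile.TemporaryDirectory() as root:
        baseline = plant_canaries(Path(root, n) for n in ("Pictures", "Documents", "Desktop"))
        clean = check_canaries(baseline)
        first, second, _ = baseline
        first.write_bytes(b"\x00" * 64)                 # content overwritten
        second.rename(second.with_suffix(".locked"))    # renamed away
        seen = []
        monitor(baseline, seen.extend, interval=0, rounds=1)
        return clean, [(p.parent.name, why) for p, why in seen]
```

The polling interval bounds how long encryption can run before the response fires, so a shorter interval limits the damage at the cost of more disk reads.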
Below you see the RansomSaver Guard control panel.
In the video below you will see how RansomSaver Guard handles a ransomware encryption attempt.
Now let's see what happened in the video step by step.
Here is an email that contains ransomware.
The unsuspecting victim opens the zip file and runs it.
The victim cannot see any difference, but the ransomware is working in the background.
Below you can see what the encrypted files look like after the infection.