coldnsa.blogg.se

Crypto locker outbreak






Lately, an increasing spread of threats has been noticed which, entering a system by various means, encrypt several files on the attacked system, such as office documents, database files and e-mail archives, which represent a value for the attacked customer.

After encrypting the files, those threats sometimes delete themselves or propagate through the network. To decrypt the files, the hackers generally ask for payment of a certain amount of money. To avoid misunderstandings, customers need to be aware of the following: encrypted files will remain encrypted. These should be replaced from a known-good backup (and Enterprises are responsible for regularly backing up their own important data).

Symantec products do not decrypt files that have been affected by these threats. Why? The reason is as simple as it is often overlooked. The majority of these kinds of threats use RSA public-key cryptography at 1024 or 2048 bits. Despite a number of commercial tools that have been released, the truth is this: for large RSA key sizes (in excess of 1024 bits), no efficient method for solving this problem is known (this is the so-called "RSA problem").

Anyway, to pay the hackers is not a solution at all. When a customer pays the hackers, there is no guarantee that the attacker can or will supply a method of unlocking their computer or decrypting their files. For some variants, Symantec has received reports that the threat was received, the attacker provided a code to allow the threat to undo the encryption that has been done on the customer's files. Then, once Symantec updated our detection, the threat .exe is removed (deleted/quarantined) and the un-encryption can no longer continue. When customers pay hackers for threats such as these, it encourages attackers to continue these tactics and additional attacks against everyone.

Additional information about those threats

If the infection has somehow already entered our environment, the damage, unfortunately, is already done. Anyway, if we identify the threat in a timely manner, we can prevent the threat from spreading and contain the damage.

Whenever you find a system in your environment which is infected by this kind of encrypting threat, the first thing to do, even more than in other cases, is:

Afterwards, you will need to identify the virus by finding the executable file and submit it to Symantec Security Response. Hint: to help yourself identify the malicious files, you can run a threat analysis on the affected machine using the SymHelp tool:

Then, contact Symantec Enterprise Technical Support to learn how to submit files:
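
To scope which documents have to be replaced from a known-good backup, the following added example (not part of the original article and not a Symantec tool) flags files whose content no longer matches their extension and looks like ciphertext. The signature table, the 7.5 bits/byte threshold and all function names are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed, non-exhaustive table: extension -> bytes an intact file starts with.
ZIP, OLE = b"PK\x03\x04", b"\xd0\xcf\x11\xe0"
MAGIC = {".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP, ".doc": OLE, ".xls": OLE,
         ".pdf": b"%PDF", ".pst": b"!BDN", ".sqlite": b"SQLite format 3\x00"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off for "looks like ciphertext"
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path: str) -> str:
    """Return 'ok', 'suspect' (restore from backup) or 'unknown' (review by hand)."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return "unknown"
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if head.startswith(expected):
        return "ok"  # ZIP-based Office files are high-entropy but keep their header
    # Wrong header: near-random content points to encryption, otherwise unclear.
    return "suspect" if shannon_entropy(head) >= ENTROPY_THRESHOLD else "unknown"

def triage(root: str) -> list[str]:
    """Walk a directory tree read-only and list files that look encrypted."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if classify(full) == "suspect":
                    suspects.append(full)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
    return sorted(suspects)

def demo() -> list[str]:
    """Constructed sample tree: an intact PDF and one overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("good.pdf", b"%PDF-1.4\n" + b"text " * 200),
                           ("bad.pdf", os.urandom(8192))):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in triage(d)]
```

Files reported as `unknown` are not cleared: they either have an extension outside the table or a wrong header with low-entropy content, and still need a manual check against the backup.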







