AVCrypt: New ransomware targeting antivirus software

AVCrypt is a recently discovered ransomware variant that seeks out and destroys antivirus software.

The AVCrypt malware is designed to locate and delete the PC antivirus products Windows Defender and Malwarebytes and then install ransomware on the infected computer. By eliminating the computer’s antivirus programs before beginning the ransomware attack, AVCrypt effectively removes the local security protection that most PCs rely on to prevent such attacks, making this a very dangerous new malware strain.

AVCrypt was discovered by cyber-security researchers Lawrence Abrams, MalwareHunterTeam and Michael Gillespie. The researchers warned about their discovery in a Bleeping Computer blog post on Friday, March 23, saying that the new malware variant appears to be in an early stage of development and has probably not been deployed in cyber-attacks yet.

When AVCrypt is completed and used in an attack, it will pose a formidable threat. The code is designed to be installed covertly, so it could be used as part of an email attack, delivered to the victim’s computer in the guise of an innocent-looking email attachment.

The victim of an AVCrypt attack would be unaware of the malware deleting their local antivirus software; the first sign of anything being wrong would be a pop-up on their screen threatening to delete all their files and demanding a ransom.

As well as eliminating antivirus software, the AVCrypt ransomware also prevents an infected computer from restarting, so the victim of an attack wouldn’t even be able to shut down their machine to stop the attack.

The malware researchers who discovered AVCrypt on Friday warned that although this new ransomware is not yet complete, it could be deployed in email attacks soon.

Stop email attacks with the cloud

Cloud-based email filtering is essential in combating new malware variants like AVCrypt. This new ransomware will not be stopped by endpoint antivirus, so the emails carrying the virus need to be detected before they arrive.

If your company’s email accounts aren’t protected by email filtering, malicious emails are probably being received by your staff every day. People are not machines; we are all capable of making bad judgement calls. Cybercriminals know we can be tricked; that’s why they use email as the delivery vector for their attacks, sending out millions of scam messages daily.

Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing, exposing your company to attack.

Next steps:

To learn more about the NDB, check out our Security Webinar: The rise of cybercrime.