Ransomware has become one of the most prevalent and dreaded security threats facing businesses today, and it represents an incredibly lucrative goldmine for the cybercriminals who carry out these attacks.

What is Ransomware?

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key.  It spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.

Attackers may use one of several different approaches to extort money from their victims:

  • After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.
  • The victim is duped into believing he is the subject of an police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
  • The malware surreptitiously encrypts the victim’s data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.

EarthBend Distribution is proud to offer the complete line of Internet security software and managed services solutions from AVG Business.  AVG just released six new ransomware decryption tools for our channel partners and their clients.  The free tools decrypt the recent ransomware strains Apocalypse, BadBlock, Crypt888, Legion, SZFlocker and TeslaCrypt.  In a recent AVG Business blog post, Ryan Vallee, AVG Business Product Management Lead, discussed these new tools and how they can protect your customers.  We have republished that post here:

AVG offers free ransomware decryptor tools for businesses

AVG just released six new ransomware decryption tools for our channel partners and their clients.  The free tools decrypt the recent ransomware strains Apocalypse, BadBlock, Crypt888, Legion, SZFlocker and TeslaCrypt.

While our AVG Business products help detect and block against all known ransomware strains –  including this recent six – our AVG partners now have helpful tools if a new client, or even a prospect, has a situation where files are already infected by ransomware.

With our new decryption tools, you should be able to recover your clients’ files and data without paying the ransom.

Using the AVG ransomware decryption tools

To use our AVG decryptor tools for the six recent ransomware strains, follow our simple five step process to unlock the encrypted files:

  • Run a full system scan on the infected PC and quarantine all the infected files.
  • Identify which infection strain encrypted the files. See the descriptions of each strain below. If the ransomware infection matches the strain details, download the appropriate tool and launch it.
  • The tool opens a wizard, which breaks the decryption process into several easy steps.
  • Follow the steps and you should again be able to reclaim your files in most cases.
  • After decryption, be sure to properly back up restored files.

The six ransomware strains and AVG decryptor tools include:

  • Apocalypse
    • Description: The Apocalypse ransomware appends “.encrypted,” “.locked,” or “.SecureCrypted” to names of encrypted files (e.g. example.docx.encrypted, docx.locked, example.docx.SecureCrypted). It also creates ransom messages in files with extensions “.How_To_Decrypt.txt”, “.README.Txt,” or “.Contact_Here_To_Recover_Your_Files.txt” (e.g. example.docx.How_To_Decrypt.txt, example.docx.README.Txt)
    • In those messages, you can find contact addresses such as decryptionservice@mail.ru, dr.compress@bk.ru, decryptdata@inbox.ru, or recoveryhelp@bk.ru.
    • For example:
    • Download the AVG decryptor tool: AVG offers one decryptor tool for the early versions of Apocalypse and one for the current version:
    • http://files-download.avg.com/util/avgrem/avg_decryptor_Apocalypse.exe
    • http://files-download.avg.com/util/avgrem/avg_decryptor_ApocalypseVM.exe
  • Crypt888
    • Description: Crypt888 (aka Mircop) creates encrypted files with the prepended name “Lock.” It also changes your desktop’s wallpaper to a message on a black background that begins with, “You’ve stolen 48.48BTC from the wrong people, please be so kind to return them and we will return your files.”
    • Unfortunately, Crypt888 is a badly written piece of code, which means some of the encrypted files or folders will stay that way, even if you pay the fine, as the cybercriminals’ “official decryptor” may not work.
    • Download the AVG decryptor tool:
    • http://files-download.avg.com/util/avgrem/avg_decryptor_Crypt888.exe

At AVG, we take ransomware threats very seriously. We encourage our partners to continue being proactive by using multilayered protection, such as AVG Business solutions, which detect and block ransomware. You can find additional examples of the six ransomware strains and detailed descriptions here.