We were recently attacked by this ransomware when a user launched a javascript file in a spam email. Once the client computer was infected, it began encrypting files on the computer as well as mapped and unmapped shared drives. Avast didn’t notice the activity associated with the virus so it continued its encryption process. After a network scan Avast didn’t ID any suspicious files because the encrypted files are a normal windows file type. Additionally Avast wasn’t able to identify the client that was infected. We had to track it down ourselves. Is anything being done to identify this type of ransomware? I’ve seen nothing from Avast to help business users deal with this problem. What if any recommendations do you have to prevent this type of attack?
After a network scan Avast didn't ID any suspicious files because the encrypted files are a normal windows file typeFiletype doesn't matter. It is about the content of a file. Perfect example is the Eicar test file. It is just a plain and simple txt file, but it does get detected (which ofcourse is the purpose of it)
avast is working on a special tool to detect ransomware.
I don’t know the progress of it though.
Best prevention is knowledge.
Teach users not to just click on links and especially not on links in mails. 