It’s well known that Ransomware often spreads via email. Most of them are phishing emails.
Of late some of those emails are claiming in their subject line that they are an invoice from Avira. But that’s not all: they also come with a malicious attachment.
Are those real Avira mails?
No. Avira will never send an email like this one. But, the risk goes far beyond just Avira. You should always be extremely cautious in opening email attachments as spam emails are increasingly personalized. They can contain surprisingly detailed information like your name and surname. In this case, the ransomware that is being spread through this phishing email is the well-known Cryptolocker. Avira already detects and protects you against this kind of threats. Strictly for informational purposes, we are going to show you how the malware infects your machine.
This is what happens when you download & open the attachment
Once the attachment “zip” file is open and the content executed, one file will be downloaded from the browser.
As you can see in the pictures, some browsers will notice that something is wrong with the downloaded file. If we ignore the warnings and execute it, another “exe” file will be downloaded. This one will finally infect our machine and encrypt our files. The ransomware will show you the necessary steps you must follow in order to (maybe) recover the encrypted files.
What can you do?
Now – what can you do in order to not fall into this trap? We have the following recommendations:
- Never open attachments in emails where you don’t know the sender or the message doesn’t match what the sender would normally write!
- Don’t download files from suspicious or non-trusted sources!
- Create regular backups of your PC.
- Updates for operating system and application are vitamins for your computer
- Make sure you are using the latest version of Avira and make sure that the latest virus definition files are installed
If it’s too late and your files are already encrypted, do not pay the ransom. It is very unlikely that you’ll ever get your files back – even after paying up.
For additional precautions against ransomware take a look at our video and don’t forget: Avira Antivirus Pro already protects you against this ransomware.
This post is also available in: German