Looks like one Avira email but... this is bait!

Looks like one Avira email but... this is bait!

Looks like one Avira email but… this is bait!

It’s well known that Ransomware often spreads via email. Most of them are phishing emails.

Of late some of those emails are claiming in their subject line that they are an invoice from Avira. But that’s not all: they also come with a malicious attachment.

The message states: Avira – virus protection invoice with the number 329080 Attached you can find your digitally signed invoice.

Are those real Avira mails?

No. Avira will never send an email like this one. But, the risk goes far beyond just Avira. You should always be extremely cautious in opening email attachments as spam emails are increasingly personalized. They can contain surprisingly detailed information like your name and surname. In this case, the ransomware that is being spread through this phishing email is the well-known Cryptolocker. Avira already detects and protects you against this kind of threats. Strictly for informational purposes, we are going to show you how the malware infects your machine.

This is what happens when you download & open the attachment

Once the attachment “zip” file is open and the content executed, one file will be downloaded from the browser.

How it looks alike by using the Internet Explorer browser. The message states: Please print this invoice.
How it looks alike by using the Google Chrome browser.

 

Downloaded file

As you can see in the pictures, some browsers will notice that something is wrong with the downloaded file. If we ignore the warnings and execute it, another “exe” file will be downloaded. This one will finally infect our machine and encrypt our files. The ransomware will show you the necessary steps you must follow in order to (maybe) recover the encrypted files.

The message states: Warning – We have encrypted your files with the CryptßL0cker virus.
This is the tutorial how to get your files decrypted.

What can you do?

Now – what can you do in order to not fall into this trap? We have the following recommendations:

If it’s too late and your files are already encrypted, do not pay the ransom. It is very unlikely that you’ll ever get your files back – even after paying up.

 

For additional precautions against ransomware take a look at our video and don’t forget: Avira Antivirus Pro already protects you against this ransomware.

Please accept personalization cookies to watch this video.

This post is also available in: German

Exit mobile version