VCrypt, a new ransomware targeting French users, was analyzed by researchers and found to use a unique mechanism to lock files. Upon execution, the malware drops a copy of the legitimate 7-Zip command-line tool on the victim host and uses it to archive user files with password protection. After the files are archived, the originals are deleted. This process occurs only on the C: drive; on all other drives, the files are simply deleted without any archiving taking place. The ransom note is an HTML file opened in Internet Explorer after the files have been archived. It is written in French and asks victims to visit a website to receive decryption instructions.
|Create password-protected archives|
Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders.
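The archiving behaviour described above can be hunted for in process-creation telemetry. The following is an added example, not code from the original advisory or the researchers: it flags a 7-Zip console binary running outside its normal install directory with the `a` (add) command and a `-p` password switch. The event field names, the expected install directories and the sample records are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

SEVENZIP_NAMES = {"7z.exe", "7za.exe", "7zr.exe"}  # 7-Zip console tools
# Directories where a managed 7-Zip install is expected (assumption).
EXPECTED_DIRS = {r"c:\program files\7-zip", r"c:\program files (x86)\7-zip"}

def split_args(command_line):
    """Split a Windows command line, keeping double-quoted arguments whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]

def is_sevenzip(event):
    """Match the image name or, when the telemetry has it, the PE
    OriginalFileName, so a renamed copy is still recognised."""
    names = {PureWindowsPath(event["image"]).name.lower(),
             event.get("original_file_name", "").lower()}
    return bool(names & SEVENZIP_NAMES)

def suspicious(event):
    """True when a 7-Zip console binary outside the expected install
    directories runs 'a' (add to archive) with a -p password switch."""
    if not is_sevenzip(event):
        return False
    args = [a.lower() for a in split_args(event["command_line"])[1:]]
    command = next((a for a in args if not a.startswith("-")), "")
    has_password = any(a.startswith("-p") for a in args)
    folder = str(PureWindowsPath(event["image"]).parent).lower()
    return command == "a" and has_password and folder not in EXPECTED_DIRS

def detect(events):
    """Return the hosts whose events match, in input order."""
    return [e["host"] for e in events if suspicious(e)]

# Constructed process-creation records (hypothetical field names and values).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Users\alice\AppData\Local\Temp\7za.exe",
     "command_line": r'7za.exe a -pEXAMPLE "C:\Users\alice\docs.7z" C:\Users\alice'},
    {"host": "ws-02", "image": r"C:\Program Files\7-Zip\7z.exe",
     "command_line": r'"C:\Program Files\7-Zip\7z.exe" a -pEXAMPLE bk.7z D:\share'},
    {"host": "ws-03", "image": r"C:\Users\bob\AppData\Roaming\helper.exe",
     "original_file_name": "7za.exe",
     "command_line": r"helper.exe a -pEXAMPLE out.7z C:\Users\bob"},
    {"host": "ws-04", "image": r"C:\Users\carol\Downloads\7za.exe",
     "command_line": r"7za.exe x archive.7z -pEXAMPLE"},
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Legitimate backup scripts that call a portable 7-Zip copy with a password will also match, so add their paths to `EXPECTED_DIRS` before alerting on this rule.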