A fake encryption virus is spreading online

15 September 2017
No sooner had users around the world recovered from the effects of the Petya and Wannacry viruses than another encryption attacker began to spread. However, it seems that the attackers decided to rely on threats rather than real action. The spread of another malware called MSIL/Hoax.Fake.Filecoder was warned about by ESET specialists, a company known to many thanks to the NOD32 antivirus. According to them, after infiltrating a victim's PC, the virus spreads a window full screen demanding a ransom of 0.5 bitcoins to be paid within three days to restore access to data on the device. After that time, the ransom amount will double, and after 7 days, it will be impossible to decrypt the files. The scenario looks pretty familiar and certainly inspires some concern, were it not for one interesting point. The malware does not have any encryption functions - its code simply does not implement any encryption algorithm. Obviously, the attackers decided to take advantage of the encryption fear that was raised around the world thanks to the global infections with Petya and Wannacry viruses. Indeed, seeing a notification about data blocking on a PC, many users will immediately remember the recent attack and not even think to look into what is going on. But as it turned out the only way to get rid of the ransom demand is to reboot the computer. Despite the fact that MSIL/Hoax.Fake.Filecoder appeared to be a fake encoder, ESET specialists recommend to ignore spam-mails and not to follow suspicious links, as well as not to open attachments from emails from unknown senders. Besides, it is necessary to use a reliable antivirus and keep the virus databases up to date.