With the news that two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam, AlienVault Security Researcher Chris Doman has given advice on how to protect against them.
Chris Doman, Security Researcher at AlienVault:
“The best advice with ransomware is to always maintain regular backups that ransomware can’t touch. In the case of NemucodAES, Emsisoft recently published a decrypter for some versions.
“Criminals often pair two different malware families together in the hope that anti-virus software may detect one but not the other.
“Previously, we’ve seen the Locky ransomware distributed with Kovter – now it seems Kovter and NemucodAES are coming across as a pair.
“Both Kovter and Nemucod are normally easy to detect, though NemucodAES’s dependence on malicious scripts, rather than compiled code, can make it harder to detect in some circumstances.”