CRAB files not identified as unsafe by F-Secure
Hello,
Friday the ransomware virus infected my PC and all of my personal data is encrypted.
The PC containts the F-Secure Computer Protection software.
The moment i've runned a scan on the PC with the scan options of F-Secure, no infected file or threats was found.
How is it possible that F-Secure cannot detected the ransomware virus?
Like to hear from you.
Kind Regards,
Stefan Baan
Comments
-
Hi Stefan,
The ransomware would delete itself upon encryption. Hence, post-infection scans would be unable to identify the already deleted malware.
On March 6th, we have released detection for the latest versions of GandCrab ransomware (Trojan.Ransom.GandCrab.C). So, the ransomware should have been blocked by our products at the initial execution.
However, since you mention that the ransomware is not blocked, could you please contact our support team here to send the diagnostic report from the affected machine for troubleshooting? Also, please help to identify the potential sample which might have caused the infection. What we can do is, perform an analysis of the malware to ensure that your F-Secure product can protect against any future contact with it. It is not possible to decrypt the files once it has been encrypted by the ransomware. The course of action we can recommend is to restore the affected files from a clean backup.0
