AVCrypt: new ransomware targeting antivirus software

Posted by Emmanuel Marshall on 27 March 2018 14:37:27 AEDT

A computer virus that seeks out and destroys antivirus software; that’s AVCrypt, a new ransomware variant discovered on Friday.

The AVCrypt malware is designed to locate and delete the PC antivirus products Windows Defender and Malwarebytes, and then install ransomware on the infected computer. By eliminating the computer’s antivirus programs before beginning the ransomware attack, AVCrypt effectively removes the local security protection that most PCs rely on to prevent such attacks, making this a very dangerous new malware strain.

AVCrypt was discovered by cybersecurity researchers Lawrence Abrams, MalwareHunterTeam and Michael Gillespie. The researchers warned about their discovery in a Bleeping Computer blog post on Friday, March 23, saying that the new malware variant appears to be in an early stage of development and has probably not been deployed in cyber-attacks yet.

When AVCrypt is completed and used in an attack, it will pose a formidable threat. The code is designed to be installed covertly, so it could be used as part of an email attack, delivered to the victim’s computer in the guise of an innocent-looking email attachment.

The victim of an AVCrypt attack would be unaware of the malware deleting their local antivirus software; the first sign of anything being wrong would be a pop-up on their screen threatening to delete all their files and demanding a ransom.

As well as eliminating antivirus software, the AVCrypt ransomware also prevents an infected computer from restarting, so the victim of an attack wouldn’t even be able to shut down their machine to stop the attack.

The malware researchers who discovered AVCrypt on Friday warned that although this new ransomware is still not completed, it could be deployed in email attacks soon.


Stop email attacks

Cloud-based email filtering is essential in combating new malware variants like AVCrypt. This new ransomware will not be stopped by endpoint antivirus, so the emails carrying the virus need to be detected before they arrive.

If your company’s email accounts aren’t protected by email filtering, malicious emails are probably being received by your staff every day. People are not machines; we are all capable of making bad judgement calls. Cybercriminals know we can be tricked; that’s why they use email as the delivery vector for their attacks, sending out millions of scam messages daily.

Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing, exposing your company to attack.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure.
