PEC 2017 ransomware targets Italian users
“PEC 2017” virus is the name of a new crypto-malware which focuses on Italian netizens[1]. Its ransom note, AIUTO_COME_DECIFRARE_FILE.html (HELP_HOW_TO_DECRYPT_FILE.html), informs users how to decrypt files, having .pec file extension, with the decryption software called PEC Cleaner. Users, who are willing to purchase it, should contact the cyber criminals using pec.clean@protonmail.com. Moreover, the developers threaten the victims not to use any third party decrypters nor malware removal utilities as, according to them, no program is able to detect the malware. Luckily, this virus is already detectable by multiple computer security applications. If you have been already affected by this malware, do not waste and money on purchasing the decrypter. Instead, proceed to PEC 2017 removal.
When this malware has emerged, it has sparked suspicions that it has been created on the basis of Delphi scripting language[2]. It is said to be popular among unexperienced wannabe hackers for its simple structure. However, such assumptions have been denied. The ransom message states that the files are encoded with the assistance of AEs-256 algorithm. Interestingly, PEC 2017 malware operates by exploiting CVE-2017-0199 system vulnerability[3]. In other words, when users open a .doc file attached to a corrupted email, he or she spots a prompt box stating that “This document contains links that may refer to other files. Do you want to update this document with the data from the linked files?” When a user enables this content, the executable sends an HTTP request to deliver corrupted HTA file. Likewise, the malicious RTF file contains another embedded script. This triggers mshta.exe file which triggers malicious file. Since the hackers promote their specific tool for data recovery, it is likely that the virus might be decrypted soon. However, until then opt for alternative solutions. In short, remove PEC 2017 and proceed further to data recovery options.
Crypto-malware prevention
Since PEC 2017 ransomware targets devices via spam emails, users should pay utmost attention to the received spam emails. Note that cyber criminals forge persuasive emails which are presented as fake tax reports or notifications about an undelivered parcel or email[4]. In addition, it is necessary to improve the overall security level of the device. For that, combine anti-virus and anti-malware security applications, such as FortectIntego or MalwarebytesMalwarebytes, to secure the device. They might also help in eradicating file-encrypting malware as well. Note a trojan also facilitates PEC 2017 hijack. According to the statistics, it is now detectable as Ransom_CRYPEC.A, Trojan.Win32.Filecoder, Ransom.FileCryptor!8.1A7[5]. The latter definition suggests that it might be related to FileCoder.
Eliminating PEC 2017
It is crucial eradicating the malware as soon as possible. Launch security applications and remove PEC 2017 virus from the device. Even though the malware did not look like an elaborate threat, it is still capable of interfering with elimination procedure. If you cannot complete PEC 2017 removal, the below guide will be of use to you. Only when the threat is completely terminating, data recovery will be of any effect.
Was this guide helpful?
Be the first to comment