Ireland worst affected by Nemucod ransomware delivering trojan

Nemucod
Global Nemucod detections

ESET finds that Nemucod, the top infecting malware of recent weeks has a 15,82% world detection rate, but a 50,42% detection rate in Ireland

ESET Ireland warns users against an increased number of infected emails containing a malicious attachment, which downloads and installs ransomware onto an infected device. When opened, it encrypts victims‘ files on their PCs and requires a ransom for decryption.

ESET telemetry detects this malicious downloader as JS/TrojanDownloader.Nemucod and records its unusually high incidence in Europe, North America, Australia and Japan, with Ireland scoring particularly badly, as 50,42% of all detections measured in Ireland are by this particular malware.

Nemucod is wide-spread via emails, which contain attached zipped files. Emails are written in a very trustworthy way, claiming to be invoices, notices of appearance in court or other official documents. Attackers are just trying to get users to open the malicious attachment that contains a JavaScript file, which after it is opened, donwloads and installs Nemucod to the victims PC. Nemucod is known for downloading a diverstiy of other malware available in-the-wild.

Nemucod currently downloads mainly ransomware, for example TeslaCrypt or Locky. These encrypt the data on the victim‘s  computer and demand ransom. Both TeslaCrypt and Locky ransomware use encryption standards  similar to those used by financial institutions when securing online payments.

How to protect against this threat:

  • Do not open attachments sent to you in emails from unknown senders.
  • Warn colleagues who most frequently receive emails from external sources – for instance financial departments or human resources.
  • Regularly backup your data. In case of infection, this will help you recover all your data. An external disc or other storage should not remain connected to computer in order to avoid infection by ransomware.
  • Regularly install updates of your OS and other software you use. If you still use Windows XP, seriously consider moving to other, supported operating system of Windows.
  • Security software must also be used with all updates installed, ideally with the latest version. IT security vendors are packing new versions of their software with additional security features.
  • Users of ESET solutions are protected when ESET LiveGrid Reputation System is turned on. This technology protects users‘ devices against ransomware by actively blocking their processes.

by Peter Stancik, ESET and Urban Schrott, ESET Ireland


5 thoughts on “Ireland worst affected by Nemucod ransomware delivering trojan

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s