As part of our ongoing effort to provide better malware protection, the September release of the Microsoft Malicious Software Removal Tool (MSRT) will include detection for the prevalent ransomware family Win32/Teerac.
Figure 1: Teerac encounters since April 2015
Figure 2: Countries most affected by Teerac infections
Teerac is usually downloaded and installed from malicious spam email attachments. The malware tries to encrypt files on the infected PC using Advanced Encryption Standards (AES). It asks for a ransom payment using Bitcoins (equivalent to about USD 500) for the supposed “decryption software”.
Encrypting ransomware families such as Teerac have proven their ability to form part of a business model for malware authors, and as a result we see some samples updated on an almost daily basis in an attempt to evade antimalware detections.
Our malware encyclopedia entry for Win32/Teerac has more details about this malware family.
By adding Teerac to the MSRT we hope to have a bigger impact and reach more affected machines and help remove this threat. However, as with all malware, prevention is the best protection.
Backup your important files
It’s a good idea to back up your important files with a cloud storage service such as OneDrive. OneDrive is integrated into Windows 10 and Windows 8.1.
After you've removed a ransomware infection from your PC, you can restore previous, unencrypted versions of your Office files.
To help stay protected from this and other threats we recommend running up-to-date real-time security software such as Windows Defender for Windows 8.1 and Windows 10.
We also recommend you:
- Ensure all your software is up-to-date.
- Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.
- Ensure you have smart screen (in Internet Explorer) turned on.
- Have a pop-up blocker running in your web browser.
For more tips on preventing malware infections, including ransomware infections, see: