The FBI Ransomware has been infecting machines around the world and has been the top ransomware for five straight weeks, according to NABU Consumer data.
Recently, a new variant started spreading under the guise of the Royal Canadian Mounted Police.
Trend Micro's standalone solution is the AntiRansomware Tool, which has received positive feedback from Support Engineers:
- The tool was able to run in an infected environment and kill the ransomware process.
- For ransomware that uses a digitally signed process, the tool does not kill the process and instead minimizes it.
AntiRansomware Tool 2.0 build 13:
- Now supports the latest variant of ICE Ransomware
AntiRansomware Tool 2.0 build 11:
- Samples that cover only a small part of the screen but disable window switching are now detected.
- The tool can now detect the foreground window where the cursor is locked.
AntiRansomware Tool 2.0 build 10:
- Fixed issue in ICE Ransomware cleanup
- Implemented a process-protection mechanism to prevent the tool from being killed by ransomware.
WinXP x64 and Win2003 x64 are not supported by this feature.
- Less strict rules for determining whether a file is malware. If a file referenced in a registry autorun key has no digital signature, it is shown as suspicious. Because of this, the user should be careful when fixing items in the AR Tool.
- Go to Safe Mode with Networking.
- Download the AntiRansomware Tool and save it to your desktop.
- Double-click AR20_build13.exe to run it.
This tool can be installed in Safe Mode with Networking. It can also be installed from USB in regular Safe Mode and Safe Mode with Command Prompt.
- Click Install to start extracting the AntiRansomware tool.
For Windows XP users, make sure to uncheck "Protect my computer and data from unauthorized program activity" before running the tool.
- Once AntiRansomware has been installed, restart your computer and go to normal mode where the screen is locked by the ransomware.
- Trigger the AntiRansomware Tool by pressing the following keys: Left CTRL + ALT + T + I.
The key press should be done on the client’s keyboard and not from the support side (Remote Control/LMI). In some cases, the key press may need to be done more than once.
- The screen lock should terminate and the AntiRansomware screen should appear.
- Click Scan to scan the computer for any ransomware files.
- Review and select the threats that you have verified to be malicious, then press Clean.
- Click Reboot to restart the computer.
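To support the review step above, the build 10 rule (an autorun registry entry whose file has no digital signature is shown as suspicious) can be approximated independently. The following PowerShell is an added example, not Trend Micro's code; the list of Run keys and the `Get-AutorunTarget` helper are assumptions made for illustration.

```powershell
# Added example: list Run/RunOnce autorun entries and the Authenticode status
# of the file each one launches. Approximates the rule described on this page;
# it is not the AntiRansomware Tool's own logic.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: extract the executable path from an autorun command line.
function Get-AutorunTarget {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted path: "C:\Program Files\App\app.exe" /arg
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: cut at the first known extension
    if ($cmd -match '^(.+?\.(exe|dll|com|scr|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $raw    = [string]$item.GetValue($name)
        $target = Get-AutorunTarget -CommandLine $raw
        if (Test-Path -LiteralPath $target -PathType Leaf) {
            $status = (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else {
            $status = 'FileNotFound'   # relative path, missing file, or unparsed command
        }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Target     = $target
            Signature  = $status
            Suspicious = ($status -ne 'Valid')
        }
    }
}

# Entries without a valid signature first, for manual verification
$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Legitimate software is often unsigned, so a flagged entry is a lead to verify, not a verdict. For entries that launch through a signed host such as rundll32.exe, only the host is checked and the arguments still need manual review.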