Ransomware Attack :- Arena Extension

If files got encrypted with ‘arena’ file extensions on the server system then you are infected by an Ransomware infection.

As part of this communication, we would like to educate, create awareness and share some insights into the spurt in ransomware (e.g Cryptolocker) attacks that have drawn attention in prominent dailies, newspapers and websites. And these are just not one or two isolated incidents, but impacting consumers and organizations affecting business operations, productivity and incurring additional costs.

The ransomware encrypts the files on the computer which it infects by likely using the AES (Advanced Encryption Algorithm) after which holds the encrypted files on your system.

The decryption of all the encrypted files is not possible in these cases.

Nowadays Ransomware is being spread and executed by criminals by directly gaining access to the victim’s computer through Remote Desktop. By default, Windows Remote Desktop will work only on a local network unless configured otherwise on a router or H/W firewall. This is usually seen in organizations where systems (usually servers) are accessed from multiple branches for various tasks. This explains why most of the affected systems are Windows Server OS.

Remote access to the victim’s computer is gained by using brute-force techniques which can effectively crack weak passwords.
Quick Heal has an proactive solution (Anti-ransomware) to protect your system against Ransomware. But in addition to that Quick Heal have also released our Backup and restore tool to avoid any loss of data from the system.

Quick Heal will perform the required troubleshooting steps and recommended to remove the network sharing to avoid further infection in the network.

In future to avoid Ransomware attacks kindly refer the below suggestions:

* Suggestions on how to prevent Ransomware:
New Ransomware Attack:- Arena Extension
Download software only from trusted websites. Threats such as Locky Ransomware are often hidden in legitimate software on these untrusted sites, so make sure you download each time software from trusted source.
You install any software unless you know exactly what it is. Usually, a rootkit will look like a useful piece of software that allows you to access your system without your knowledge. Take time to read the end user license agreement or find the related reviews on Google.

* Some other preventive measures include:

Apply Patch for vulnerabilities used by this Ransomware from :
https://technet.microsoft.com/enus/library/security/ms17010.aspx

Kindly Change the ports used for Remote Desktop connections (RDP connections)
https://support.microsoft.com/enus/help/306759/how-to-change-the-listening-port-for-remote-desktop

– Ensure that you are using the latest Quick Heal Antivirus software.
– Don’t open spam emails or attachments
– Avoid pop-ups and fake notifications which offers eye-catching deals etc
– Restrict automatic downloads and updates(For Browser)
– Don’t forward any unauthorized email that offers eye-catching deals etc
– Do not turn off ‘Email & Internet protection’ of Quick Heal.
– Keep your Quick Heal password protected (Configure strong passwords).
– Do not disable the Quick Heal’s Self-protection.

Reference by Quickheal.com