Malware uninstalls Antivirus | AVCrypt Ransomware | Summary and Q&A

15.8K views
March 29, 2018
by The PC Security Channel

TL;DR

The AV Crypt ransomware targets specific antivirus programs and encrypts user files. It may have been created for security research or as an attempt to exploit antivirus programs.

Key Insights

  • 🐕‍🦺 The AV Crypt ransomware specifically targets Malwarebytes and Windows Defender, disabling their services and uninstalling them entirely.
  • 👤 It attempts to disable the Windows Security Center and User Account Control (UAC) as part of its chain of events.
  • 📁 The ransomware encrypts user files and displays a ransom note but does not provide any information on how to unlock the encrypted files.
  • 👨‍🔬 The AV Crypt ransomware may have been created for security research purposes or as an attempt to exploit antivirus programs.
  • 🖤 There are speculations regarding the intentions and motives behind the ransomware, as it lacks common elements found in profit-driven ransomware.
  • 🌍 It is uncertain whether real-world samples of the AV Crypt ransomware attempting to exploit antivirus programs will appear.
  • 👤 The ransomware creates a process named after the user as part of its mischief.
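The chain listed above (security services disabled, antivirus uninstalled, Security Center and UAC turned off) is easier to catch as one correlated pattern than as single events. The following is an added example, not taken from the video or this summary: the normalized event shape, the service display names and the sample events are assumptions constructed for illustration; `EnableLUA` is the registry value that controls UAC.

```python
from datetime import datetime, timedelta

# Assumed display names; they vary across Windows and product versions.
SECURITY_SERVICES = {"windows defender antivirus service",
                     "malwarebytes service", "security center"}
UAC_VALUE = r"hklm\software\microsoft\windows\currentversion\policies\system\enablelua"
WINDOW = timedelta(minutes=10)

def classify(ev):
    """Map one normalized event to a tamper tag, or None if it is not relevant."""
    if ev["kind"] == "service_start_type":
        name = ev["service"].lower()
        if name in SECURITY_SERVICES and ev["new"].lower() == "disabled":
            return "service_disabled:" + name
    elif ev["kind"] == "registry_set":
        if ev["target"].lower() == UAC_VALUE and int(ev["value"], 0) == 0:
            return "uac_disabled"
    elif ev["kind"] == "product_removed":
        if any(p in ev["product"].lower() for p in ("malwarebytes", "defender")):
            return "av_uninstalled"
    return None

def detect_chains(events, min_distinct=2):
    """Return {host: tags} where >= min_distinct distinct tags fall within WINDOW."""
    recent, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        tag = classify(ev)
        if tag is None:
            continue
        now = datetime.fromisoformat(ev["time"])
        # Keep only this host's earlier hits that are still inside the window.
        hits = [(t, g) for t, g in recent.get(ev["host"], []) if now - t <= WINDOW]
        hits.append((now, tag))
        recent[ev["host"]] = hits
        tags = sorted({g for _, g in hits})
        if len(tags) >= min_distinct:
            alerts[ev["host"]] = tags
    return alerts

# Constructed sample events (hypothetical hosts, not from the video).
SAMPLE = [
    {"host": "WS-01", "time": "2018-03-29T10:00:05", "kind": "service_start_type", "service": "Windows Defender Antivirus Service", "new": "disabled"},
    {"host": "WS-01", "time": "2018-03-29T10:00:07", "kind": "service_start_type", "service": "Security Center", "new": "disabled"},
    {"host": "WS-01", "time": "2018-03-29T10:00:09", "kind": "registry_set", "target": UAC_VALUE, "value": "0x00000000"},
    {"host": "WS-01", "time": "2018-03-29T10:00:30", "kind": "product_removed", "product": "Malwarebytes"},
    {"host": "WS-02", "time": "2018-03-29T10:05:00", "kind": "service_start_type", "service": "Print Spooler", "new": "disabled"},
    {"host": "WS-03", "time": "2018-03-29T09:00:00", "kind": "service_start_type", "service": "Security Center", "new": "disabled"},
    {"host": "WS-03", "time": "2018-03-29T11:30:00", "kind": "registry_set", "target": UAC_VALUE, "value": "0x00000000"},
]
print(detect_chains(SAMPLE))
```

Only WS-01 is reported: WS-02 touches an unrelated service, and the two changes on WS-03 are hours apart, so each stays a lone event below the threshold.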

Transcript

Hello and welcome to the PC Security Channel. This is going to be a really quick video talking about the AV Crypt ransomware. As far as I'm aware, this ransomware is not one that's in the wild or being propagated for the purposes of profit. Doesn't really make sense because it doesn't have any email credentials or payment method in order to sell recove...

Questions & Answers

Q: What is the purpose of the AV Crypt ransomware?

The AV Crypt ransomware appears to target antivirus programs, specifically Malwarebytes and Windows Defender, by disabling their services and uninstalling them completely. It then proceeds to encrypt user files and displays a ransom note.

Q: Why doesn't the AV Crypt ransomware have a payment method or email credentials for selling recovery to victims?

The AV Crypt ransomware seems to lack a payment method or email credentials, suggesting that it may not be designed for profit. It is speculated that it could be for security research purposes or an attempt to exploit antivirus programs.

Q: What kinds of AV solutions may be immune to the AV Crypt ransomware's method?

AV solutions with robust self-protection mechanisms are less likely to be affected by the AV Crypt ransomware's method of disabling antivirus programs. The specific AV programs targeted suggest that they may have vulnerabilities in this regard.

Q: What happens if the user does not press "OK" on the prompts displayed by the AV Crypt ransomware?

If the user does not press "OK" on the prompts displayed by the AV Crypt ransomware, it is assumed that the ransomware will not proceed with encrypting the data. However, further details about the consequences are not provided.

Summary & Key Takeaways

  • AV Crypt ransomware does not seem to be propagated for profit but rather targets specific antivirus programs like Malwarebytes and Windows Defender, disabling their services and then uninstalling them entirely.

  • The ransomware encrypts user files and displays a ransom note. It also attempts to disable the Windows Security Center and User Account Control as part of its chain of events.

  • It is uncertain whether real-world samples of this ransomware attempting to exploit antivirus programs will appear in the future.
