{"id":50745,"date":"2015-04-16T01:06:34","date_gmt":"2015-04-16T01:06:34","guid":{"rendered":"https:\/\/www.pcmatic.com\/blog\/?p=50745"},"modified":"2015-04-16T21:38:03","modified_gmt":"2015-04-16T21:38:03","slug":"ransomware-now-disguises-itself","status":"publish","type":"post","link":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/","title":{"rendered":"Ransomware Now Disguises Itself"},"content":{"rendered":"<p><\/br><\/p>\n<p><i><font SIZE=\"2\">A new strain of ransomware now disguises itself as &#8216;quarantined&#8217; to help avoid detection.&#8211;PC Pitstop<\/i><\/font><\/p>\n<h4>Ransomware Now Disguises Itself<\/h4>\n<p>By Stu Sjouwerman, for KnowBe4.com Security Awareness Training<\/p>\n<p>A new ransomware strain dubbed CRYPVAULT by Trend Micro is being spread as an email attachment. It&#8217;s currently focusing on Eastern Europe and is making its way to Europe and America. <\/p>\n<p>It&#8217;s a novel approach. In an attempt to bypass any and all endpoint protection, the user is social engineered to open an attached Javascript file. The phishing attack does not have an executable as a payload. Next, it uses the command box to run a batch file that encrypts the files.<\/p>\n<p>According to a post by Michael Marcos, threat response engineer with Trend Micro, CRYPVAULT encrypts the files and then makes them appear to the end-user as if they were quarantined, by giving them the .vault extension. <\/p>\n<p>According to a Monday post by Michael Marcos, threat response engineer with Trend Micro, CRYPVAULT encrypts the files and then makes them appear to the end-user as if they were quarantined, by giving them the .vault extension.<\/p>\n<p><a href=\"http:\/\/blog.knowbe4.com\/new-ransomware-crypvault-makes-files-look-like-they-are-quarantined\" target=\"_blank\">Article Continued Here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new strain of ransomware now disguises itself as &#8216;quarantined&#8217; to help avoid detection.<\/p>\n","protected":false},"author":40,"featured_media":48347,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4352],"tags":[4363],"class_list":["post-50745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowbe4-com","tag-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware Now Disguises Itself<\/title>\n<meta name=\"description\" content=\"Ransomware Now Disguises Itself - A new strain of ransomware now disguises itself as &#039;quarantined&#039; to help avoid detection.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware Now Disguises Itself\" \/>\n<meta property=\"og:description\" content=\"Ransomware Now Disguises Itself - A new strain of ransomware now disguises itself as &#039;quarantined&#039; to help avoid detection.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/\" \/>\n<meta property=\"og:site_name\" content=\"PC Matic Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/pcmatic\" \/>\n<meta property=\"article:published_time\" content=\"2015-04-16T01:06:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-04-16T21:38:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/ransom150.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"knowbe4.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@pcmatic\" \/>\n<meta name=\"twitter:site\" content=\"@pcmatic\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"knowbe4.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/\"},\"author\":{\"name\":\"knowbe4.com\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/person\\\/02162494533603435e72f7f0cfc7dfd0\"},\"headline\":\"Ransomware Now Disguises Itself\",\"datePublished\":\"2015-04-16T01:06:34+00:00\",\"dateModified\":\"2015-04-16T21:38:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/\"},\"wordCount\":193,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/ransom150.jpg\",\"keywords\":[\"ransomware\"],\"articleSection\":[\"knowbe4.com\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/\",\"name\":\"Ransomware Now Disguises Itself\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/ransom150.jpg\",\"datePublished\":\"2015-04-16T01:06:34+00:00\",\"dateModified\":\"2015-04-16T21:38:03+00:00\",\"description\":\"Ransomware Now Disguises Itself - A new strain of ransomware now disguises itself as 'quarantined' to help avoid detection.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/ransom150.jpg\",\"contentUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/ransom150.jpg\",\"width\":150,\"height\":150},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/ransomware-now-disguises-itself\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware Now Disguises Itself\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\",\"name\":\"PC Matic Blog\",\"description\":\"Tech Tips and Tricks\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\",\"name\":\"PC Matic - Top Antivirus Company in the USA.\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/techtalk.pcmatic.com\\\/wp-content\\\/uploads\\\/PC-MaticLogo-e1472689639222.png\",\"contentUrl\":\"https:\\\/\\\/techtalk.pcmatic.com\\\/wp-content\\\/uploads\\\/PC-MaticLogo-e1472689639222.png\",\"width\":1535,\"height\":483,\"caption\":\"PC Matic - Top Antivirus Company in the USA.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/pcmatic\",\"https:\\\/\\\/x.com\\\/pcmatic\",\"https:\\\/\\\/www.instagram.com\\\/pcmaticusa\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/pcmatic\",\"https:\\\/\\\/www.youtube.com\\\/c\\\/PCMaticVideo\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/person\\\/02162494533603435e72f7f0cfc7dfd0\",\"name\":\"knowbe4.com\",\"description\":\"KnowBe4 delivers next-generation security awareness training and testing, security consulting \\\/ penetration testing and innovative security software products addressing the needs of business owners, IT, HR, and end-users.\",\"sameAs\":[\"http:\\\/\\\/knowbe4.com\"],\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/author\\\/knowbe4-com\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware Now Disguises Itself","description":"Ransomware Now Disguises Itself - A new strain of ransomware now disguises itself as 'quarantined' to help avoid detection.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware Now Disguises Itself","og_description":"Ransomware Now Disguises Itself - A new strain of ransomware now disguises itself as 'quarantined' to help avoid detection.","og_url":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/","og_site_name":"PC Matic Blog","article_publisher":"https:\/\/www.facebook.com\/pcmatic","article_published_time":"2015-04-16T01:06:34+00:00","article_modified_time":"2015-04-16T21:38:03+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/ransom150.jpg","type":"image\/jpeg"}],"author":"knowbe4.com","twitter_card":"summary_large_image","twitter_creator":"@pcmatic","twitter_site":"@pcmatic","twitter_misc":{"Written by":"knowbe4.com","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#article","isPartOf":{"@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/"},"author":{"name":"knowbe4.com","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/person\/02162494533603435e72f7f0cfc7dfd0"},"headline":"Ransomware Now Disguises Itself","datePublished":"2015-04-16T01:06:34+00:00","dateModified":"2015-04-16T21:38:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/"},"wordCount":193,"commentCount":0,"publisher":{"@id":"https:\/\/www.pcmatic.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/ransom150.jpg","keywords":["ransomware"],"articleSection":["knowbe4.com"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/","url":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/","name":"Ransomware Now Disguises Itself","isPartOf":{"@id":"https:\/\/www.pcmatic.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#primaryimage"},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/ransom150.jpg","datePublished":"2015-04-16T01:06:34+00:00","dateModified":"2015-04-16T21:38:03+00:00","description":"Ransomware Now Disguises Itself - A new strain of ransomware now disguises itself as 'quarantined' to help avoid detection.","breadcrumb":{"@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#primaryimage","url":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/ransom150.jpg","contentUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/ransom150.jpg","width":150,"height":150},{"@type":"BreadcrumbList","@id":"https:\/\/www.pcmatic.com\/blog\/ransomware-now-disguises-itself\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pcmatic.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Ransomware Now Disguises Itself"}]},{"@type":"WebSite","@id":"https:\/\/www.pcmatic.com\/blog\/#website","url":"https:\/\/www.pcmatic.com\/blog\/","name":"PC Matic Blog","description":"Tech Tips and Tricks","publisher":{"@id":"https:\/\/www.pcmatic.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pcmatic.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pcmatic.com\/blog\/#organization","name":"PC Matic - Top Antivirus Company in the USA.","url":"https:\/\/www.pcmatic.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/techtalk.pcmatic.com\/wp-content\/uploads\/PC-MaticLogo-e1472689639222.png","contentUrl":"https:\/\/techtalk.pcmatic.com\/wp-content\/uploads\/PC-MaticLogo-e1472689639222.png","width":1535,"height":483,"caption":"PC Matic - Top Antivirus Company in the USA."},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/pcmatic","https:\/\/x.com\/pcmatic","https:\/\/www.instagram.com\/pcmaticusa\/","https:\/\/www.linkedin.com\/company\/pcmatic","https:\/\/www.youtube.com\/c\/PCMaticVideo"]},{"@type":"Person","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/person\/02162494533603435e72f7f0cfc7dfd0","name":"knowbe4.com","description":"KnowBe4 delivers next-generation security awareness training and testing, security consulting \/ penetration testing and innovative security software products addressing the needs of business owners, IT, HR, and end-users.","sameAs":["http:\/\/knowbe4.com"],"url":"https:\/\/www.pcmatic.com\/blog\/author\/knowbe4-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts\/50745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/comments?post=50745"}],"version-history":[{"count":0,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts\/50745\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/media\/48347"}],"wp:attachment":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/media?parent=50745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/categories?post=50745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/tags?post=50745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}