Information concerning Win32/Filecoder.Locky

Due to the recent threats involving Win32/Filecoder.Locky and other similar ransomware variants, we have gathered a few facts that will help business users protect themselves from such attacks.

Furthermore, we would like to make clear that once a system has been infected by such a virus, the encrypted files cannot be recovered. It is therefore highly important to check that Endpoint Antivirus/Security is properly configured.

A. Users must have Antivirus/Security version 5 or 6 installed. For those still using version 3 or 4, we must emphasize that the upgrade to the newer versions is completely free.

B. The HIPS (Host-based Intrusion Prevention System) feature must be active. To check whether HIPS is active, go to Setup > HIPS and verify that it is marked Enabled rather than Disabled.

C. Check that ESET Live Grid is activated, so that protection against the latest threats is downloaded as quickly as possible.

Via Endpoint Antivirus/Security Client 5:
  • Setup > Enter advanced setup > Tools > ESET Live Grid > Activate Participate in ESET Live Grid > OK
Via ESET Remote Administrator Console 5:
  • Windows desktop v5 > Kernel > Settings > ESET Live Grid > Join ESET Live Grid: Yes
In version 6 the above configuration can be found in:
  • Advanced Setup > Tools > Live Grid

D. Advanced Heuristics on File Execution should be active.

Via Endpoint Antivirus/Security Client 5:
  • Setup > Enter advanced setup > Computer > Antivirus and antispyware > Real-time file system protection > Advanced setup > Activate Advanced Heuristics on file execution.
Via ESET Remote Administrator Console 5:
  • Windows desktop v5 > Real-time file system protection > Settings > Use advanced heuristics on file execution: Yes
In version 6 the above configuration can be found in:
  • Setup > Enter advanced setup > Antivirus > Real-time file system protection > Additional ThreatSense Parameters > Activate Advanced Heuristics on file execution

How to check that ESET Live Grid works the way it should:
  1. Download the CloudCar test file (http://www.amtso.org/feature-settings-check-cloud-lookups/).
  2. The Web Protection feature blocks this file from being downloaded.
     Important note: This file DOES NOT CONTAIN MALICIOUS CODE.
  3. To download the aforementioned file you must temporarily deactivate Web Protection. Afterwards, download the file and save it on your hard disk.
  4. Enable Web Protection again.
  5. Create a new e-mail, attach the CloudCar.exe file and send the e-mail to your own address.
  6. When the e-mail is received, the attachment should be detected as «Suspicious Object» and deleted.
For further information you can visit the KB web page: http://www.eset.com/int/about/press/articles/malware/article/eset-warns-against-a-wave-of-infected-e-mails/

A very useful article about this particular kind of threat from ESET's WeLiveSecurity.com security blog is the following: http://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/

Finally, we must inform home users that for the best protection they should install version 8 or 9, with the ESET Live Grid feature enabled.

Regards,
ESET Greece & Cyprus
Disclaimer: This e-mail is intended only for recipients residing
in Cyprus and Greece and should be ignored by people from other countries/regions.