Creating backups is a good defense to combat threats like ransomware. It is an interesting option to prevent our data and files from being lost. However, with the passage of time there are also threats that can directly attack this that we mentioned. In this article we echo a new ransomware called PXJ . It is a new threat whose main objective is to eliminate backups and also disable the option to create them.
PXJ, the new threat that steals backups
We have always said that one of the best defenses against ransomware is backups. It is essential that we properly store our files. We already know that ransomware consists of encrypting the files and information of our system. If we have those data, those folders, stored on an external device or in the cloud, in case of being victims of this type of attack we can recover them.
Now, hackers are also constantly perfecting their attack techniques. In this case what PXJ does is directly attack the backups. On the one hand, it has the ability to eliminate them, so users would be left without that guarantee against ransomware. But also it also has the ability to disable the ability to create backups.
This new ransomware has been discovered by the X-Force security team at IBM. This threat adds the .pxj extension to the files it encrypts. They indicate that it does not share code with other similar threats, which makes them believe that it is a completely new ransomware.
When it infects the user, it is responsible for deleting the backups that are in Windows, as well as preventing the possibility of recovering Windows. When you disable these services is when you start with file encryption. It uses the AES and RSA algorithms. Later, the file LOOK.txt appears, which is where all the rescue information is located.
It is mainly distributed by email
Security researchers have acknowledged that they don’t know exactly what means they may be using to distribute themselves, but they do know that email is the primary one. This is so in many similar cases. Email is a widely used tool by users and hackers know that. This causes it to be through a simple email where they can send threats of this type.
It can arrive hidden in an attached file , so once again the importance of not falling into errors that may put our security and privacy at risk is demonstrated. Common sense is always essential and not to open or download attachments that come from unknown addresses or that may be a threat.
Beyond common sense , which is essential to avoid this type of attack, it is also convenient to have security tools. A good antivirus can help us to avoid the entrance of malware that could put our systems at risk. We already know that there is a wide range of possibilities available. In the same way it is essential to have the equipment correctly updated.
