eScan PBAE Advisory (08/08/2018)

Lately, Ransomware attacks have risen across the globe and these attacks have not just been targeting
individuals but, large organizations too. The lateral movement introduced by WannaCry is now a
defacto standard method of propagation amongst the newer variants of Ransomware. Ransomware has
been attacking not just fixed drives but also shared / networked file shares too.

Our research team has been continuously tracking these attacks and their method of infection for over
past few years. Based on our understanding of Ransomware we had introduced PBAE and have been
continuously updating the PBAE Engine to detect / mitigate Ransomware Attacks.

Very recently, we released an update to our PBAE which fortifies the defense of eScan’s PBAE Engine
and assists in protecting the systems from any futuristic Ransomware Attack using placeholder
heuristic.

We have released updated PBAE engine on 8th August 2018 and also creates two protected files named
"#0escanprotected.docx" and "#1escanprotected.docx" in all the root directories and shared paths.
These files will be visible to all eScan users but user will not be able to delete or modify the file.

These files will be monitored by eScan’s engine periodically to ensure the protection status. Any non
eScan process which tries to edit the file will be forcefully terminated.

eScan always ensures safe and secure computing environment to all of its esteemed customer, and with
the updated PBAE engine, the risk of ransomware attacks will reduce.

For more information, you can contact our customer support desk or write to us at
support@escanav.com.

An ISO 27001 Certified Company