Kaspersky
Question

Trojan-Ransom.Win32.Purgen

  • 1 July 2019
  • 2 replies
  • 1230 views

Greetings,

I've raised a support ticket already, but our network has been infected with Trojan-Ransom.Win32.Purgen. Subsequently we've lost local PC files that are not backed up, which is unfortunate.

However, what I want to ask here is how this infected our system. Does Kaspersky not scan files as they are downloaded? The Purgen virus/malware/trojan is not entirely new from what I can gather, so does it not have a signature that can be stopped when an end user does something to bring it into the network?

The computer that was infected is no longer usable: I can't login to safe mode to try and disinfect anything. Is there another boot disk tool that can be used? Or is the safest thing at this point just to backup the files in the hope that one day they might be recoverable, and then format the machine?

Thanks!

2 replies

Userlevel 7
Badge +4
Welcome. Your best bet is to continue with Tech Support, because tech support has more tools, more information, and more resources than we have on this forum. Tech Support can give you much more informed advice.

AES or asymmetric encryption: Probably not decryptable without the keys that the attacker holds.

Further reading: https://usa.kaspersky.com/resource-center/threats/ransomware

and: https://usa.kaspersky.com/resource-center/threats/malware-system-penetration and so on.

Prevention is key. All of the usual rules:

  • Change all passwords regularly, only use strong passwords.
  • Don't click on spam emails, don't click on links or attachments in malicious emails.
  • Keep operating system and all software up to date.
  • Users do not have Admin account rights.
  • Don't download junk or click on malicious popups or malicious fake notifications. And so on, etc.

Always maintain safe backup, and recover from backup.

Yeah tech support gave this response: "We would suggest that you may post your current issue here for further assistance: https://community.kaspersky.com/" 🙂
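Two of the rules in the reply above ("Users do not have Admin account rights" and "Keep operating system and all software up to date") can be checked on a Windows workstation rather than taken on trust. The script below is an added example, not code from the reply's author or from Kaspersky; it assumes PowerShell 5.1 or later, that the built-in Administrator account is identified by a SID ending in -500, and a constructed 30-day threshold for treating patching as stale. It only reports and changes nothing.

```powershell
# Added example (not from the forum thread): audit two hygiene rules on a Windows PC.
# Assumptions: PowerShell 5.1+, read access to local group membership, and a
# constructed 30-day staleness threshold for hotfixes.

$MaxHotfixAgeDays = 30   # assumption: 30+ days without a hotfix counts as stale

# Rule: "Users do not have Admin account rights".
# Every member of the local Administrators group is listed; anything other than the
# built-in Administrator account (RID 500) is marked REVIEW so a person can decide
# whether that user or group really needs it. Domain groups show up here too.
Write-Output '--- Local Administrators group ---'
$admins = Get-LocalGroupMember -Group 'Administrators'
foreach ($m in $admins) {
    $isBuiltIn = $m.SID.Value -like 'S-1-5-21-*-500'
    $flag = if ($isBuiltIn) { 'ok' } else { 'REVIEW' }
    '{0,-8} {1,-6} {2,-12} {3}' -f $flag, $m.ObjectClass, $m.PrincipalSource, $m.Name
}

# Rule: "Keep operating system and all software up to date".
# Report the newest installed Windows hotfix and how long ago it went on.
Write-Output '--- Windows patch state ---'
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($null -eq $latest) {
    Write-Output 'No hotfix install dates found; check Windows Update manually.'
} else {
    $age   = (Get-Date) - $latest.InstalledOn
    $state = if ($age.Days -gt $MaxHotfixAgeDays) { 'STALE' } else { 'ok' }
    '{0,-8} last hotfix {1} installed {2:d} ({3} days ago)' -f $state, $latest.HotFixID, $latest.InstalledOn, $age.Days
}
```

Run it in an elevated PowerShell window on each machine; a REVIEW line is not necessarily wrong (an IT support account may belong there), but every such line should have a known reason, which is exactly the "pathway to what they do need but not regularly" idea discussed later in this thread.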

Not to worry. Yeah they've been hit 2x previous to this and we removed all admin rights from the users, other than the owner, which has since been removed. Advice on not opening unknown emails, checking the links in emails, etc. had already been given.

Thanks for the links. I'll continue reading up and work something out. With the data lost on that machine I'm inclined to format and start again with all the settings turned to max.

Part of the issue is not being able to point to something someone has done and say "here's what happened". The office seem to think they've been hacked as opposed to being manipulated into opening the door, so I'm guessing it's just a matter of trying to educate again and, as you say, locking off what people don't really need and providing some pathway to what they do need but not regularly (i.e. install rights).

Thanks for the response.
