hosting image
This ransomware becomes RAR file if detected by antivirus

Image Credits: Andrey Popov / Getty Images

This ransomware becomes RAR file if detected by antivirus


Memento switches to WinRAR if it cannot encrypt

Memento is a new variant of ransomware that has something different from what we are used to seeing: it locks files inside password-protected folders once its encryption method has been detected by the antivirus and, first of all, it has not achieved its objective.

This threat takes advantage of a vulnerability in the VMware vCenter Server web client for initial access to victims' networks. This security flaw was logged as CVE-2021-21971 and is an unauthenticated remote code execution error. It was rated 9.8 points for its dangerousness.

Note that this security flaw allows anyone with remote access to TCP / IP port 443 on an exposed vCenter server to execute commands in the operating system with administrator privileges. Although a patch appeared months ago to fix the problem, the truth is that many users have not corrected it and now the Memento ransomware takes advantage of it.

The thing is, Memento is able to switch to WinRAR to encrypt the files. If the system antivirus detects the ransomware, what it does is put the files inside an encrypted folder with a password and thus prevent access. It will also ask for a financial ransom in return, as is often the case with these types of security threats.

How to avoid falling victim to Memento and other ransomware

So how can we prevent Memento or any other variety of ransomware from putting our computer at risk? We have seen that in this case, it takes advantage of a known vulnerability. However, it is not something exclusive, since in most cases this happens.

Therefore, our first advice is to keep all systems up to date. We must correct any vulnerabilities that appear and thus prevent them from attacking us. We must apply this to the operating system and any program that we have installed.

Another very important point is to have a good antivirus. This will help detect these threats and delete files that may be a danger. We can use applications such as Windows Defender, Avast, Bitdefender, or any other similar that gives us confidence.

But without a doubt, the most important of all is common sense. It is essential to avoid making mistakes that may affect us, such as downloading attachments by e-mail without really knowing their origin or entering pages that can be dangerous.

In short, Memento is a dangerous ransomware that is capable of putting files in an encrypted folder if the antivirus detects it. We have seen how we can be protected and thus avoid security problems.