In response to a security breach believed to be in the form of Secure ransomware,
we would like to confirm the situation and provide a warning as follows.

Secure ransomware

The ransomware in question is called Secure and has a file name.extension. It appears that all files are being changed to secure[email address].

How it works

file version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in window properties]

Ransomware operation characteristics

• It was created with VB .NET, and because it is .NET-based, internal code can be checked, but an obfuscation function is applied to function/variable names. After encryption, create a link to the instruction txt file created in Temp in the startup folder so that it automatically runs when Windows starts.

  
  [Figure 3: Internal code with obfuscated names of functions and variables]

  
  [Figure 4 txt link of ransomware created in startup program folder]

Infection results

The information file is created as <RESTORE_FILES_INFO.txt / RESTORE_FILES_INFO.hta> in each path, and when encryption is performed, <file name.extension. Change the files to secure[email address]> and change the desktop when complete.

[Figure 5 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 9 Block message]

Watch the Secure blocking video