Memento switches to WinRAR if it cannot encrypt
Memento is a new ransomware variant that does something different from what we are used to seeing: it locks files inside password-protected folders once its encryption method has been detected by the antivirus and it has therefore failed to achieve its objective.
This threat exploits a vulnerability in the VMware vCenter Server web client for initial access to victims' networks. The flaw is tracked as CVE-2021-21971 and is an unauthenticated remote code execution vulnerability. It received a severity rating of 9.8 points.
Keep in mind that this flaw allows anyone with remote access to TCP/IP port 443 on an exposed vCenter server to run commands on the operating system with administrator privileges. Although a patch was released months ago to fix the problem, many users have not applied it, and the Memento ransomware now takes advantage of that.
The point is that Memento is capable of switching to WinRAR to encrypt the files. If the system's antivirus detects the ransomware, it instead puts the files inside a password-protected encrypted folder and thus prevents access. It also demands a ransom in return, as is often the case with this type of threat.
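A defender-side illustration of the fallback described above, added here and not taken from the original article: it flags process-creation events in which WinRAR builds a password-protected archive, and rates them higher when the originals are removed afterwards. The event records are constructed, the field names (`host`, `image`, `cmdline`) are assumptions, and the switches are WinRAR's documented ones, not a claim about Memento's exact command line.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style); not from a real incident.
SAMPLE_EVENTS = [
    {"host": "FS01", "image": r"C:\Program Files\WinRAR\Rar.exe",
     "cmdline": r'"C:\Program Files\WinRAR\Rar.exe" a -hpEXAMPLE -df D:\out\docs.rar D:\shares\docs'},
    {"host": "WS07", "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmdline": r"WinRAR.exe a backup.rar C:\Users\amy\Documents"},
    {"host": "WS11", "image": r"C:\Program Files\WinRAR\Rar.exe",
     "cmdline": r"rar.exe x -pEXAMPLE archive.rar"},
    {"host": "FS02", "image": r"C:\Tools\rar.exe",
     "cmdline": r"rar.exe m -pEXAMPLE E:\x.rar E:\finance"},
    {"host": "WS03", "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmdline": r"WinRAR.exe a -pEXAMPLE taxes.rar C:\Users\bob\taxes"},
]

RAR_IMAGES = {"rar.exe", "winrar.exe"}
EXE_PREFIX = re.compile(r'^\s*(?:"[^"]*"|\S+)\s*')  # leading executable, quoted or not


def classify(event):
    """Return None, "medium" or "high" for one process-creation event."""
    image = event["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image not in RAR_IMAGES:
        return None
    tokens = EXE_PREFIX.sub("", event["cmdline"], count=1).lower().split()
    switches = [t for t in tokens if t.startswith("-")]
    command = next((t for t in tokens if not t.startswith("-")), "")
    if command not in ("a", "m", "mf"):  # only archive-creating commands
        return None
    # -p<pwd> / -hp<pwd> set a password; "-p-" means "do not ask for one"
    has_password = any(re.match(r"-h?p", s) and s != "-p-" for s in switches)
    if not has_password:
        return None
    # m/mf move files into the archive; -df/-dw/-dr remove the originals afterwards
    removes_originals = command in ("m", "mf") or any(
        s in ("-df", "-dw", "-dr") for s in switches)
    return "high" if removes_originals else "medium"


def scan(events):
    """List (host, severity) for every event that matched."""
    return [(e["host"], sev) for e in events if (sev := classify(e))]


if __name__ == "__main__":
    for host, severity in scan(SAMPLE_EVENTS):
        print(f"{severity.upper():6} {host}: password-protected archive creation")
```

Matching on the image name misses renamed copies of the archiver, so treat this as one signal alongside others.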
How to avoid falling victim to Memento and other ransomware
So how can we prevent Memento or any other variety of ransomware from putting our computer at risk? We have seen that in this case it takes advantage of a known vulnerability. This is not exclusive to Memento, however; it happens in most cases.
Therefore, our first piece of advice is to keep all systems updated. We must fix any vulnerabilities that appear and thus prevent attackers from using them against us. This applies to the operating system and to any program we have installed.
Another very important point is to have a good antivirus. This will help detect these threats and delete files that may be a danger. We can use applications such as Windows Defender, Avast, Bitdefender or any similar product that we trust.
But without a doubt the most important thing of all is common sense. It is essential to avoid mistakes that may affect us, such as downloading e-mail attachments without really knowing their origin or visiting pages that can be dangerous.
In short, Memento is a dangerous ransomware that is capable of putting files in an encrypted folder if the antivirus detects it. We have seen how we can protect ourselves and thus avoid security problems.