Solutions of Information and Communication


Brand search:

Free eScan Anti-Virus Toolkit (MWAV)


Scan for Viruses, Spyware and Adware in your computer.
Just download and run. No installation of this software required. 



eScanAV Anti-Virus Toolkit (MWAV) is a FREE utility that enables you to scan and clean Viruses, Spyware, Adware and any other Malware that may have infected your computer. The eScanAV Anti-Virus Toolkit (MWAV) requires no installation and can be run directly from anywhere, on your computer, USB Drive or from a CD ROM. 


More >>

eScan debuts new Technology for Detection and Mitigation

We started our tryst with Ransomware when it started gaining prominence way back in 2012, however Ransomware has been around for almost a decade. During the initial stages, Ransomware created the effect of awe and shock, unlike Trojans or Malwares or APTs, Ransomware made its presence known. 

The only differentiating factor was that the message was Loud and Clear – You have been Infected.  For all these years, we have been observing the covert methods of a virus while it was silently infecting the system, staying resident and infecting other systems, moreover, many of these viruses started implementing the logic of Command and Control, wherein, vital information was being discreetly leaked or stolen. The level of expertise required for writing a virus was tremendous as the author had to always find ways to stay a step or two ahead of the detection mechanisms and at the same time, the criminals had to invest into infrastructure which would handle the stolen information.

These criminals also rented out these very infected systems, commonly known as Zombie Computers, to other criminals , who would then carry out
their nefarious activities viz. Sending Spam, Initiating DDOS attacks , Bitcoinmining etc.

However, when we speak about Ransomware, during the initial days, they were thought of as a highly sophisticated piece of code, since encryption was
involved. However, Ransomware creators also evolved their tactics and started identifying the important files which would be attacked. There are numerous encryption libraries available which can be used by not just the advanced programmers but also by the script kiddies. It wasn’t imperative for the programmer to be an expert in encryption, since all the information was readily available and the points of interest from the ransomware author’s perspective were - 

  1. Ability to sneak into the system.
  2. Encrypt the files based on their extensions.
  3. Transfer the encryption keys back to the CNC server.

Ransomware infection routines came in various forms, started off as a compressed binary, and when the various vendors started blocking such files
from gaining a foothold, we started finding Ransomware being delivered as embedded macros in Doc or Docx files. Very recently, they started using javascripts, VB Scripts and Powershell based scripting to create Ransomware.

In order to combat these, vendors started blocking scripting engines, however, for how long is this game of cat and mouse going to continue? Researchers have been finding it increasingly difficult to find the elixir which will stop Ransomware in its tracks.

Detection of Ransomware is not just the only solution, sink-holing of the DGA based CNC will simply setback the criminal by 3-4 weeks, there can be
instances when a Ransomware sneaks into the well protected environment consisting not just the End-Point Security Solutions but also bypassing the
perimeter / gateway security appliances and encrypts the local as well as network files.

Conventional backup systems relied on the fact that there are certain folders which are considered important and initiated the backup of the preconfigured folders. However, Ransomware is file-centric, in some instances it will encrypt all the picture files and will leave the thumb-nails file just to make you realize as to what could be lost if ransom is not paid.

We at eScan, have been actively pursuing Ransomware at all levels, analyzing them, studying their behavior and finding out different ways to detect and mitigate this threat, moreover provide a mechanism for eScan users to be resilient.

eScan, now debuts a Proactive Behavioral Analysis Engine (PBAE) that monitors the activity of all the processes on the Local Machine and whenever
PBAE encounters an activity or behavior which is reminiscent of a Ransomware, a red flag is raised and the process is rendered inactive from conducting any further damage. However, Ransomware is also known to encrypt files residing on the network share, in such cases, when an infected non-protected system is accessing the Network Share of a protected system and tries to modify the files residing over there, PBAE, will immediately
invalidate the network session.

In our fight against Ransomware we were working on an Intelligent Shadow Backup mechanism which can be triggered during such eventualities, enabling the users to quickly overcome the aftershocks of Ransomware. Ransomware to the likes of Locky, Zepto, Crysis, Crypto to name a few, along with their variants are being tackled with relative ease by eScan’s Proactive Behavioral Analysis Engine (PBAE). Moreover, we have been studying the events from our cloud server and have been successful in detecting and mitigating thousands of Ransomware attacks since the rollout of Proactive Behavioral Analysis Engine. 

More >>

eScan Internet Security Suite (for Business)

More >>

eScan Internet Security Suite (Cloud Edition)

More >>

Page:  1  (All 4 )
  • State Special Security Department

  • Mongolian National University of Education

  • Communication and Information Technology Authority

  • Oyu Tolgoi LLC

  • General Authority for Border Protection

  • Customs Agency

  • Ministry of Health


  • Epilog Laser

  • eScan

  • 4ipnet

  • Cisco

  • Vertex standard

  • Dell


11th floor, Moodun tower, 2-nd khoroo, Sukhbaatar district, Ulaanbaatar 14251 - 0096, Mongolia:

Telephone: + (976) 70133192
Fax : + (976) 11-311557

©2019 New Terravox LLC