One of the client's sites got infected with ransomware that uses the Aesir extension. How can this be detected and prevented?
This new Locky ransomware using the Aesir Extension for Encrypted Files is being distributed through emails that pretend to be a complaint from your ISP, which state that SPAM is being sent from your computer. These emails will contain a subject of Spam mailout and contain a zip attachment with a name like logs_[target_name].zip. Inside this ZIP file is a JS file that when opened will download and execute the Locky ransomware.
So don't even open it, and delete the mail as soon as possible.
The Locky DLL is currently being executed with a command similar to the one below. Note: the DLL export being used to install Locky will not be the same in all cases.
Unfortunately, it is still not possible to decrypt files encrypted by the Locky Ransomware for free.
The only way to recover encrypted files is via a backup, or you can try Shadow Volume Copies.
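
A mail-gateway triage check built from the delivery indicators described above (subject "Spam mailout", a `logs_*.zip` attachment, a JS file inside the ZIP), as an added example that is not part of the original answer. The function names, sample addresses and sample message are constructed, and the script extensions other than `.js` are an assumption.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"spam mailout", re.I)       # subject named on the page
ZIP_NAME_RE = re.compile(r"^logs_.+\.zip$", re.I)    # logs_[target_name].zip
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")        # .js is from the page; the rest are assumed

def triage(raw_bytes):
    """Return the list of reasons a raw RFC 822 message should be quarantined."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "") or ""):
        reasons.append("subject matches 'Spam mailout'")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if ZIP_NAME_RE.match(name):
            reasons.append(f"attachment name {name} matches logs_*.zip")
        data = part.get_payload(decode=True) or b""
        try:
            # Only the member list is read; nothing is extracted or executed.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"{name}: unreadable zip")
            continue
        for member in members:
            if member.lower().endswith(SCRIPT_EXTS):
                reasons.append(f"{name} contains script {member}")
    return reasons

def build_sample(subject, zip_name, member):
    """Constructed test message; the zip member holds inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// inert placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "abuse@isp.example"
    msg["To"] = "user@client.example"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Spam mailout", "logs_jsmith.zip", "report.js")))
```

Blocking script files inside archives at the gateway covers the delivery path even when the subject line or attachment name changes.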