Does anyone have more information about CXmail/EncDoc-B? Got hit by this but unable to find what the consequences or actions are

Hi All,

Reaching out to the community because I can't find any further info in Sophos' documentation. Have alerts for a machine hit with CXmail/EncDoc. Have deleted the infected doc but would like to know:

1. What does it do, and could it have downloaded or spawned other malware, spawned processes, stolen credentials, logged keystrokes, etc.? Need this both to check for evidence of other actions and to log it internally.

2. Having just deleted the infected file, is that all the remediation I need to do? Have scanned the machine since removal and got a green light, but this feels a bit lightweight in terms of ensuring the machine can be returned back into service.

All the best

Jon
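The "spawned processes" part of question 1 is something that can be checked from the host's own logs, whatever the detection name turns out to mean. The following is an added example and not part of the original post or Sophos' documentation; it does not say what CXmail/EncDoc-B does. It assumes Sysmon is installed on the affected machine and logging to its default channel (Event ID 1 is process creation, with ParentImage, Image, CommandLine and User fields), and the $Since window and the list of Office parent executables are choices to adjust to the time of the alert and the applications in use.

```powershell
# Added example (not from the original post): list processes whose parent was an
# Office application, using Sysmon Event ID 1 (process creation).
# Assumptions: Sysmon is installed and writing to its default channel; the
# lookback window and the parent-process list below are illustrative choices.

$Since = (Get-Date).AddDays(-7)                      # widen to cover the alert time
$OfficeParents = 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE'

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = $Since
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Sysmon stores its fields as <Data Name="..."> elements; flatten them into a table
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $parent = [System.IO.Path]::GetFileName($data['ParentImage'])
    if ($parent -and ($OfficeParents -contains $parent.ToUpperInvariant())) {
        # Anything here (cmd.exe, powershell.exe, wscript.exe, mshta.exe, rundll32.exe,
        # or an executable dropped under %TEMP% or %APPDATA%) deserves a closer look.
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Parent      = $data['ParentImage']
            Child       = $data['Image']
            CommandLine = $data['CommandLine']
            User        = $data['User']
        }
    }
}
```

Without Sysmon, the Windows Security log's event 4688 carries the same parent/child relationship in its "Creator Process Name" field, and the child's command line if "Include command line in process creation events" auditing was enabled before the alert; the same filtering logic applies, only the field names differ. An empty result from either source only shows that nothing was logged in the window searched, not that nothing ran, so it complements rather than replaces the scanner's green light when deciding whether the machine can go back into service.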