
Invisible Empire Ransomware

Posted: May 27, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 16
First Seen: May 27, 2016
OS(es) Affected: Windows

The Invisible Empire Ransomware is a minor variant of the Jigsaw Ransomware, a Trojan that encrypts your digital content and deletes data based on a timer until you pay its ransom. Although the Invisible Empire Ransomware shares all mainstream features with its recent ancestor, it also includes minor aesthetic changes, and free decryptors may require updates to counteract it effectively. Keeping fresh backups on non-local drives can bypass any need for decryption, and professional anti-malware programs can uninstall the Invisible Empire Ransomware, like its relative.

A Visible Data Assault from the Invisible Hand

The Invisible Empire Ransomware is a threat that bases its code almost entirely on the Jigsaw Ransomware, another file encryptor that holds the contents of your hard drive hostage until you concede to pay its Bitcoin fee. Casual PC users will notice the aesthetic changes found in the Invisible Empire Ransomware, which primarily consist of a new ransom note referencing anti-military artwork by Juha Arvid Helminen. Although all essential functions are the same between these two threats, the Invisible Empire Ransomware now attempts to intimidate its victims with depictions of faceless, Nazi-reminiscent soldiers.

Once past the initial intimidation of its new aesthetics, the Invisible Empire Ransomware also provides ample reason for PC users to be concerned with its appearance. A PC infected by the Invisible Empire Ransomware will have all content not essential to the OS, such as images, documents, or sounds, run through an AES-based encryption routine. Encrypted data will fail to open when double-clicked, and must be decrypted to resume its normal behavior.

Lamentably, malware experts saw no lack of the most heralded feature of the Jigsaw Ransomware in this new variant: the Trojan's ability to delete files based on a trigger (such as whenever the Invisible Empire Ransomware restarts its memory process) or via an hourly time limit. As a result, time spent considering how to resolve an Invisible Empire Ransomware infection can result in lost data directly, along with similar consequences for restarting your PC or closing the Invisible Empire Ransomware.

Carving Apart a Trojan Empire that Never Should Have Revitalized Itself

The Invisible Empire Ransomware's main changes from past threats are strictly cosmetic, including differences in ransom note formats and a new file name extension ('.payransom', as opposed to the previous string of '.fun'). However, it does include sufficient differences that old, working decryptors for counteracting the Jigsaw Ransomware may require minor updates to match the Invisible Empire Ransomware. As always, giving in and paying the Bitcoin fee may not necessarily restore your data, since it depends on malware administrators honoring their word.

Although free decryptors may be effective at reducing the Invisible Empire Ransomware's damages, this threat remains unusually destructive, thanks to its capacity for deleting content nearly automatically. Malware experts rate this as just another reason why PC owners of all descriptions should regularly back their files up to a secure drive or server, which makes the Invisible Empire Ransomware's deleting function just as valueless as its encryption one.
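The sketch below is an added example, not code from this page or from any vendor tool. It takes a read-only inventory of files carrying the '.payransom' or '.fun' extension and checks whether a usable copy of each exists under a backup root. It assumes the Trojan appends its extension to the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions named on this page: '.payransom' (this variant), '.fun' (Jigsaw).
ENCRYPTED_EXTS = (".payransom", ".fun")

def triage(affected_root, backup_root):
    """Read-only inventory: sort each encrypted file by backup status.

    Assumption: the extension is appended to the original name
    (report.docx -> report.docx.payransom), so stripping it recovers the name.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    report = {"recoverable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            ext = next((e for e in ENCRYPTED_EXTS if lower.endswith(e)), None)
            if ext is None or len(name) == len(ext):
                continue
            original = Path(dirpath, name[: -len(ext)]).relative_to(affected_root)
            candidate = backup_root / original
            # A zero-byte backup is treated as missing rather than recoverable.
            ok = candidate.is_file() and candidate.stat().st_size > 0
            report["recoverable" if ok else "no_backup"].append(original.as_posix())
    for bucket in report.values():
        bucket.sort()
    return report

def demo():
    """Constructed sample tree standing in for a user profile and a backup drive."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "Documents").mkdir(parents=True)
        (backup / "Documents").mkdir(parents=True)
        (live / "Documents" / "report.docx.payransom").write_bytes(b"\x00" * 16)
        (live / "Documents" / "photo.JPG.FUN").write_bytes(b"\x00" * 16)
        (live / "Documents" / "notes.txt").write_text("untouched")
        (backup / "Documents" / "report.docx").write_bytes(b"good copy")
        (backup / "Documents" / "photo.JPG").write_bytes(b"")  # empty backup
        return triage(live, backup)

if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

The files left in the `no_backup` bucket are the ones that would depend on a working decryptor.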

The Invisible Empire Ransomware conceals much of its file structure in sub-directories of the AppData folder, making it troublesome for a victim to weed out the unrelated files and remove the Invisible Empire Ransomware. Rather than trying to do so by hand, most PC users are better served by using automated system-scanning tools for deleting the Invisible Empire Ransomware, with the bonus of also catching the threat that most likely installed it.
