
Simple_Encoder Ransomware

Posted: July 26, 2016

The Simple_Encoder Ransomware is a Trojan that renames and encrypts your media for the purpose of holding it hostage. Its ransoms request a Bitcoin cash transfer before its administrators will provide a decryption service, which is custom to each infection. Like all threats of this type, the Simple_Encoder Ransomware is best counteracted by having backups that make the need to decrypt content irrelevant, while removing the Simple_Encoder Ransomware with whatever anti-malware tools you consider trustworthy.

A Not-So-Simple Problem with Your Files

Although much of July's ransomware news has focused on spinoffs of past threats, the development of brand-new Trojans also is keeping a steady pace. The Simple_Encoder Ransomware is a new Trojan whose campaign only dates from late July, with limited quantities of infections verifiable by malware analysts. Although the Simple_Encoder Ransomware exhibits some stylistic differences from similar Trojans, its strategy still is to encrypt your data and then load a ransom message to 'sell' the decryption solution to you.

The Simple_Encoder Ransomware targets both conventional file formats (such as Word documents, PowerPoint presentations, and compressed ZIP archives) and specialized ones, including SQLite C databases, BAK backups, and JAR Java containers. In addition to using a secure encryption algorithm with an encoding technique similar to that of the CryptoWall Ransomware, the Simple_Encoder Ransomware adds a tilde (the '~' symbol) to each name, in lieu of a standard extension string. Although the majority of an encrypted file's contents is undamaged, the encryption process ensures that the PC user can't access it.

The Simple_Encoder Ransomware also places various ransom messages on the PC in INI and TXT formats, including in any folders that hold encrypted content. All of these messages are duplicates of the same instructions, asking for an ID number transferred over e-mail, and a 0.8 Bitcoin payment, which supposedly purchases a decryption solution. Malware experts also see the same ransom note in use in different campaigns, although the Simple_Encoder Ransomware's administrators have added a new e-mail address.

Turning the Removal of the Simple_Encoder Ransomware into a Simple Job

While the raw numbers of the Simple_Encoder Ransomware infections are comparatively small, this threat is as capable as more widespread Trojans at encrypting data and preventing it from being recovered easily. Symptoms malware experts recommend looking for include the previously noted changes in file names, small increases in file sizes, the presence of text ransom notes, and a BMP image displaying similar extortion demands. Even though the Simple_Encoder Ransomware's characteristics are strikingly similar to some past campaigns of data-encoding Trojans, no distinct relationship between it and any other threat is verifiable at this time.
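The file-name and ransom-note symptoms above can be combined into one triage sweep. The following is an added example, not code from this article or any vendor tool: it flags folders that hold tilde-renamed files of the targeted formats together with a TXT or INI file whose exact content repeats across such folders. The extension list, the assumption that the tilde follows the original extension, and the function names are all assumptions of this example.

```python
import hashlib
import os
from collections import defaultdict

# Extensions for the formats the article names (the exact list is an assumption).
TARGET_EXTS = {".doc", ".docx", ".ppt", ".pptx", ".zip", ".sqlite", ".bak", ".jar"}
NOTE_EXTS = {".txt", ".ini"}

def is_renamed(name):
    """True for names like 'report.docx~': targeted extension plus trailing tilde.
    Editor backups such as 'main.c~' are ignored to cut false positives."""
    if not name.endswith("~"):
        return False
    return os.path.splitext(name[:-1])[1].lower() in TARGET_EXTS

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root, min_folders=2):
    """Return {folder: [renamed files]} for folders that hold tilde-renamed files
    and a TXT/INI file whose content repeats in >= min_folders such folders."""
    renamed = {}
    note_folders = defaultdict(set)  # content hash -> folders containing it
    for folder, _dirs, files in os.walk(root):
        hits = sorted(f for f in files if is_renamed(f))
        if not hits:
            continue
        renamed[folder] = hits
        for f in files:
            if os.path.splitext(f)[1].lower() in NOTE_EXTS:
                try:
                    note_folders[sha256_of(os.path.join(folder, f))].add(folder)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
    flagged = set()
    for folders in note_folders.values():
        if len(folders) >= min_folders:
            flagged |= folders
    return {d: renamed[d] for d in sorted(flagged)}

if __name__ == "__main__":
    import sys
    for folder, names in triage(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{folder}: {len(names)} renamed file(s), e.g. {names[0]}")
```

A hit is a lead for manual review, not a verdict: confirm against the other symptoms (size changes, the BMP image) before acting on it.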

Since the Simple_Encoder Ransomware is a freshly-identified threat seemingly unrelated to prior ones, the PC security industry has yet to develop a free decryption option for its attacks. Concerned victims can best protect their data by storing duplicate files on a cloud server or a removable device. Delivering samples of both the Simple_Encoder Ransomware and any encrypted data to appropriate security institutions also can speed the development of a non-premium decryptor.

Initial detection rates for new threats like the Simple_Encoder Ransomware often are lower than the ideal. Update your anti-malware products whenever possible to help them detect and delete the Simple_Encoder Ransomware, potentially before it can begin encrypting any content. Because of the nature of any competently-designed file encryptor, campaigns like the Simple_Encoder Ransomware throw increasing light on the necessity of preventative action, rather than after-the-fact recovery options.
