
IEncrypt Ransomware

Posted: December 17, 2018

The IEncrypt Ransomware is a file-locking Trojan that encrypts media to block access to it indefinitely and drops text-based ransom messages. Other hallmarks of an IEncrypt Ransomware variant include filename changes specific to the targeted organization or employee and strong indications of network security breaches, such as brute-force attacks. Victims should let their anti-malware products delete the IEncrypt Ransomware as required before restoring their files from the most convenient backup.

Trojans Taking Names and Using Them for Crime

Although the early examination of both the _readme Ransomware and the '.kraussmfz File Extension' Ransomware was fruitful, more versions of these threats are being captured as samples and seen in live attacks. These file-locker Trojans, which show all the usual evidence of being a family with victim-customized payloads, aren't decryptable via free tools, although their cryptographic method is a popular one. Business networks without the proper security countermeasures could become the latest systems at risk from the new IEncrypt Ransomware and its upcoming relatives.

All attacks deploying the IEncrypt Ransomware use targeted strategies, which is highly typical of Ransomware-as-a-Service, although malware experts can't confirm the 'renting' of the IEncrypt Ransomware to any third parties. Its executable poses as a Microgaming gambling security application as cover while it locks the server's files with AES-256 and RSA-512 encryption. The IEncrypt Ransomware also adds extensions to the names of the files it locks, which the threat actors configure to match the company, organization or user that they're attacking: public examples include 'cmsnwed' and 'kraussmfz.'

This version of the file-locker Trojan also takes on the busywork of generating a ransom message for every single file that it blocks, which malware experts don't often see in file-locker Trojans (which usually limit themselves to one or two notes). The e-mail addresses and ID numbers for negotiations are the only information of importance that the IEncrypt Ransomware provides in these notes. Victims should reconsider paying ransoms through Bitcoins, vouchers, or similar means of 'buying' the criminals' decryptor, which they may never receive while the crooks take the money.
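The two hallmarks described above, one shared custom extension and one ransom note per locked file, can be hunted for in a file listing. The following is an added example, not code from this article or from any vendor tool; the function name, the thresholds, and the assumption that each note's filename begins with the full name of the file it accompanies are all hypothetical.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample listing (not from a real incident). The '_readme' note
# suffix is an assumed naming scheme; 'kraussmfz' is a public extension example.
SAMPLE_PATHS = [
    "/srv/share/finance/q3.xlsx.kraussmfz",
    "/srv/share/finance/q3.xlsx.kraussmfz_readme",
    "/srv/share/finance/payroll.csv.kraussmfz",
    "/srv/share/finance/payroll.csv.kraussmfz_readme",
    "/srv/share/hr/roster.docx.kraussmfz",
    "/srv/share/hr/roster.docx.kraussmfz_readme",
    "/srv/share/hr/policy.pdf",
    "/srv/share/hr/policy.pdf.bak",   # benign one-off companion file
    "/var/log/app.log",
    "/var/log/app.log.1",             # benign log rotation
]

def find_note_per_file_clusters(paths, min_files=3, min_ratio=0.8):
    """Return {extension: (files, files_with_companion)} for extensions where
    at least min_files files share the extension and at least min_ratio of
    them have a same-directory companion whose name starts with theirs."""
    by_dir = defaultdict(set)
    for p in paths:
        pp = PurePosixPath(p)
        by_dir[str(pp.parent)].add(pp.name)

    total = defaultdict(int)
    paired = defaultdict(int)
    for names in by_dir.values():
        for name in names:
            ext = PurePosixPath(name).suffix.lower()
            if not ext:
                continue  # no extension, nothing to cluster on
            total[ext] += 1
            # Assumption: a per-file note is named <locked file name><something>
            if any(o != name and o.startswith(name) for o in names):
                paired[ext] += 1

    return {ext: (n, paired[ext]) for ext, n in total.items()
            if n >= min_files and paired[ext] / n >= min_ratio}

if __name__ == "__main__":
    print(find_note_per_file_clusters(SAMPLE_PATHS))
```

The `min_files` threshold is what keeps ordinary pairs such as a rotated log or a single `.bak` copy from being reported.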

Keeping Bad News Out of Your Business Network

Ransomware-as-a-Service attacks in general, and the _readme Ransomware family in particular, are closely associated with two attack strategies over others: e-mail spamming campaigns and brute-force attacks. Brute-force hacking is most effective against networks secured with inappropriately simple or default login credentials, and using stronger user-password combinations will improve a network's defenses against it. Spam e-mails for installing file-locker Trojans will, in most cases, hide the attack inside of a corrupted document, such as a fake delivery status update or bill.

Even though malware experts find new samples of file-locker Trojans using some variation of AES and RSA encryption nearly daily, the popularity of this encryption doesn't make it any more vulnerable to decoding. Without an unexpected breakthrough, users will only be able to restore their locked media from their last backup. Save your backups to other devices for their long-term preservation and let a qualified anti-malware product handle the removal of the IEncrypt Ransomware when necessary.

The necessity of scanning your downloads before trusting them and double-checking the safety of features like Word's often-abused macros is sure to continue in the future. No matter what name the IEncrypt Ransomware's family arrives under, it's never good news for the unprepared.
