
Enc1 Ransomware

Posted: January 23, 2019

The Enc1 Ransomware is a file-locker Trojan that can block your documents, music, pictures and other digital media. The Enc1 Ransomware encryption may or may not be reversible without the threat actor's help, which he sells at the cost of an unspecified ransom. Windows users should monitor their network security for vulnerabilities prone to exploitation, keep backups of their work on other devices, and have anti-malware programs capable of proactively removing the Enc1 Ransomware.

Another Consequence of Forgetting to Change Your Passwords

A threat actor is sending a new file-locker Trojan out against vulnerable businesses, in a campaign that, so far, is using brute-force techniques to seize temporary control over networks. Although the first victims of the Enc1 Ransomware's attacks are based in Australia, the Enc1 Ransomware has no evident regional specificity regarding its payload, and malware experts consider most Windows users to be theoretically at risk. The aftermath of an attack consists of nothing more than a text note from the criminal and an assortment of media files that no longer open.

The unknown author is using login-password combinations from previously compromised sources to log into servers remotely, and is then exploiting Remote Desktop-based features to drop the file-locker Trojan. Since the attacker runs the Enc1 Ransomware manually, it doesn't require the victim to click on an e-mail attachment or perform other acts of self-sabotage. The Enc1 Ransomware blocks various media formats with an algorithm that is currently unknown, although malware experts continue to find a variant of AES the most likely choice.

The Enc1 Ransomware adds '_enc1' extensions to the names of the media that it locks, a symptom that calls back to other Trojans like the Crypt0L0cker Ransomware and the Motd Ransomware, although it's not formatted identically. The Enc1 Ransomware also includes a text message that gives the victims e-mail addresses and multiple serial numbers for entering into the ransom negotiations. The Enc1 Ransomware's extortion instructions aren't a direct copy of any preexisting source that's familiar to malware analysts, and they include an extra, semi-random string of characters in the name, which helps set this Trojan apart from most of the competing ones. Paying the ransom isn't encouraged, and, thus far, no information is available on the cost that the criminal is demanding for decryption.

Protecting Your Network against Attacks that are Easier Blocked than Undone

With no solutions available for the Enc1 Ransomware through free software, malware analysts can do little more than recommend various steps for keeping your network secure from its known infection vectors. Robust and unique passwords that rotate semi-regularly will prevent criminals from brute-forcing their way in, a firewall with secure settings will eliminate semi-random attacks based on scanning for open ports, and disabling RDP by default is always optimal for your PC's safety. The business sector is the most likely target of future Enc1 Ransomware attacks, but non-consensual encryption is just as damaging to the files of virtually any computer.
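The brute-force logins described above leave a recognizable pattern in the Windows Security log when logon auditing is enabled: a run of failed logons from one address, then a success. The Python below is an added example, not part of the original article; the CSV column names, the thresholds and the sample events are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Security-log events exported to CSV (not real data).
# 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); 3 = Network, which is how failed
# RDP logons are recorded when Network Level Authentication is enabled.
SAMPLE_CSV = """time,event_id,logon_type,account,source_ip
2019-01-20T02:10:01,4625,3,admin,203.0.113.50
2019-01-20T02:10:03,4625,3,administrator,203.0.113.50
2019-01-20T02:10:06,4625,3,backup,203.0.113.50
2019-01-20T02:10:09,4625,3,sql,203.0.113.50
2019-01-20T02:10:12,4625,3,backup,203.0.113.50
2019-01-20T02:10:15,4624,10,backup,203.0.113.50
2019-01-20T08:55:30,4625,10,jsmith,198.51.100.7
2019-01-20T08:55:48,4624,10,jsmith,198.51.100.7
2019-01-20T09:01:00,4624,2,jsmith,127.0.0.1
"""

RDP_LOGON_TYPES = {"3", "10"}

def load_rows(text):
    """Parse the CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def find_bruteforce_then_success(rows, min_failures=5,
                                 window=timedelta(minutes=10)):
    """Return (source_ip, account, time) for every successful remote logon
    preceded by at least min_failures failures from the same source address
    inside the time window."""
    failures = defaultdict(list)   # source_ip -> timestamps of failed logons
    hits = []
    for row in sorted(rows, key=lambda r: r["time"]):   # ISO times sort as text
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue               # skip console and other local logons
        ts = datetime.fromisoformat(row["time"])
        ip = row["source_ip"]
        if row["event_id"] == "4625":
            failures[ip].append(ts)
        elif row["event_id"] == "4624":
            recent = [t for t in failures[ip] if ts - t <= window]
            if len(recent) >= min_failures:
                hits.append((ip, row["account"], row["time"]))
            failures[ip].clear()   # start counting afresh after a success
    return hits

if __name__ == "__main__":
    for ip, account, when in find_bruteforce_then_success(load_rows(SAMPLE_CSV)):
        print(f"{when}: '{account}' logged on from {ip} after repeated failures")
```

Any account this flags should have its password changed and its session history reviewed, in line with the re-securing steps the article recommends.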

Current Enc1 Ransomware attacks have a history of removing all traces of the file-locker Trojan afterward, leaving behind no more than the Notepad ransom note and the encrypted media. However, for general safety, users should analyze their PCs with proper anti-malware tools while changing passwords and otherwise re-securing the network by any means necessary. Updated anti-malware products should delete the Enc1 Ransomware without issues in most cases if it remains system-persistent.

While its financial strategy is no different from that of most file-locker Trojans, the Enc1 Ransomware shows several independent symptoms that set it apart from the most well-known families of its kind. An enthusiastic criminal programmer who is willing to develop brand-new threats should be an issue on the radar of anyone with an Internet-connected PC.
