
EncoderCSL Ransomware

Posted: February 25, 2020

The EncoderCSL Ransomware is a file-locking Trojan that encrypts media so that it can't be opened. It's a variant of the well-publicized Hidden Tear project, although it includes some minor changes, such as a pop-up alert. Users should have their backups ready for recovery against infections and let anti-malware software remove the EncoderCSL Ransomware as soon as they identify it.

Trojans in Testing with Ransom Demands Loaded

Hidden Tear is already responsible, albeit unintentionally, for the campaigns of threats like the DRV Ransomware, the CROWN Ransomware, the Russian Legion Ransomware, the FORMA Ransomware and more than a few others. Such a line of succession would make any Black Hat programmer proud, but it remains an ongoing issue, as the EncoderCSL Ransomware shows in early 2020. This Trojan, while still in the testing stage, shows transparent intentions of attacking files for ransom payments.

The EncoderCSL Ransomware retains the use of AES encryption for blocking files but does so with a much-reduced list of targetable formats. For now, the EncoderCSL Ransomware attacks only 'txtr' and 'test' files, which is one of the clearest signs that it's still in development. After temporarily making a file unopenable, it also adds an extension ('locked') to the end of the file name.

For its ransom demands, the EncoderCSL Ransomware includes a text file and a pop-up. The latter, unusually, is borderless and contains references to user and machine IDs. Although the contents of the text messages aren't available to malware analysts, the EncoderCSL Ransomware drops two slightly differently-named versions, both variants on the archetypical 'readme' name. Victims should reconsider any thoughts of paying, as long as they have other options for recovery.

Flunking the EncoderCSL Ransomware from Its Test on Extortion

Further additions to the EncoderCSL Ransomware may, in theory, hold more surprises in its future attacks. For the moment, any users with backups of their work on other devices can reverse its payload easily. Since Hidden Tear frequently handles its encryption insecurely, malware experts also recommend checking for free decryption solutions, but only after copying any files for testing compatibility with them.
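The following triage helper is an added example, not code from the original article or from any vendor tool: it looks for the indicators described above (the 'locked' extension on 'txtr' and 'test' files, plus 'readme'-style text notes) and copies the locked files aside so that decryptors are tested only on copies. It assumes the original extension is kept before '.locked' and that the notes are '.txt' files with 'readme' in the name, since the exact note names are not published; the function names are hypothetical.

```python
import shutil
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".locked"          # extension the article says is appended
TARGET_EXTS = {".txtr", ".test"}   # formats the article says are targeted
NOTE_HINT = "readme"               # assumption: exact note names are not published


def triage(root):
    """Return (locked_files, possible_notes) found under root."""
    locked, notes = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name.endswith(LOCKED_SUFFIX):
            # Assumption: the original extension survives before '.locked'.
            # Filtering on it avoids flagging unrelated '.locked' files.
            original_ext = Path(name[: -len(LOCKED_SUFFIX)]).suffix
            if original_ext in TARGET_EXTS:
                locked.append(path)
        elif path.suffix.lower() == ".txt" and NOTE_HINT in name:
            notes.append(path)
    return sorted(locked), sorted(notes)


def preserve_copies(locked, root, dest):
    """Copy locked files into dest (outside root), keeping relative paths."""
    copies = []
    for src in locked:
        target = Path(dest) / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy2 preserves timestamps
        copies.append(target)
    return copies


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root = Path(tmp, "home")
        root.mkdir()
        for sample in ("a.txtr.locked", "b.docx.locked", "README.txt"):
            (root / sample).write_bytes(b"constructed sample")
        locked, notes = triage(root)
        print("copied:", preserve_copies(locked, root, Path(tmp, "copies")))
        print("possible notes:", notes)
```

Keep the destination directory outside the scanned root so that a second run does not pick up its own copies.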

The EncoderCSL Ransomware is a danger to most Windows systems and should be compatible with the latest versions of that OS. It also poses a possible threat to unprotected servers, which are vulnerable to brute-force cracking of logins, hijackings of their RDP features, and, more rarely, e-mail phishing attacks. Appropriate admin and general user security protocols will keep most such attempts from finding any foothold or granting the EncoderCSL Ransomware any access to your files.

Users with trustworthy anti-malware protection can scan their PCs or use automated threat-detecting features for blocking and removing EncoderCSL Ransomware when it's appropriate.

EncoderCSL Ransomware is little more than a testing ground for another criminal's base greed, but pop-ups asking for money aren't easy to laugh off. Lest anyone think that Hidden Tear can't compete in the current year of Ransomware-as-a-Service, the EncoderCSL Ransomware is here, proving them mistaken.
