
Encrp Ransomware

Posted: October 19, 2020

The Encrp Ransomware is a file-locking Trojan without a related family. The Encrp Ransomware encrypts media on the PC, blocking access to the files until the victim pays its ransom of two hundred USD in Bitcoins. Proper backup maintenance can help significantly with data recovery. However, Windows users under the protection of competent security services should delete the Encrp Ransomware without allowing it a window of opportunity for its attacks.

A Trojan without a Home Seeks Files without Backups

While there are examples of file-locking Trojans bereft of relatives or business ties, like 'retmydata@protonmail.com' Ransomware or the Encrp Ransomware, they're in the overall minority. The second of this pair of examples, the Encrp Ransomware, also shows how little a seemingly independent Trojan can differ from the oceans of Ransomware-as-a-Service variants. Besides a new ransom note, the Encrp Ransomware's campaign is easily mistaken for one from nearly any RaaS family.

The Encrp Ransomware is a Windows threat that uses a misspelling of the Windows svchost process (a fake 'svcshost.exe') as its installation disguise. This tactic is generic enough that it would be almost unnoticeable on any version of Windows. Its payload, though, includes that most notorious of Trojan attacks, a data encryption routine.
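The misspelled-name disguise described above can be caught by comparing running process names against known system binaries. This is an added example, not code from the original page: it generalizes from the single 'svcshost.exe' case to any near-miss name, and the protected-name list beyond svchost.exe, the distance threshold, and the sample process list are assumptions constructed for illustration.

```python
# Added example: flag process names that imitate a Windows system binary.
# PROTECTED (beyond svchost.exe), max_distance and SAMPLE are assumptions
# constructed for illustration, not values from the original page.

PROTECTED = ("svchost.exe", "lsass.exe", "csrss.exe", "services.exe")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(process_names, max_distance=2):
    """Return (observed, imitated, distance) for names that nearly match.

    Exact matches are skipped: the genuine name is not a lookalike.
    Comparison is case-insensitive because Windows file names are.
    """
    hits = []
    for raw in process_names:
        name = raw.strip().lower()
        if name in PROTECTED:
            continue
        # Pick the closest protected name, then apply the threshold.
        real, dist = min(((p, edit_distance(name, p)) for p in PROTECTED),
                         key=lambda pair: pair[1])
        if dist <= max_distance:
            hits.append((raw, real, dist))
    return hits


# Constructed sample: the image-name column of a process listing.
SAMPLE = ["svchost.exe", "svcshost.exe", "explorer.exe",
          "SVCH0ST.EXE", "lsas.exe", "chrome.exe"]

if __name__ == "__main__":
    for observed, real, dist in find_lookalikes(SAMPLE):
        print(f"{observed}: resembles {real} (edit distance {dist})")
```

A name check like this is a triage signal only; a hit should be followed by checking the file's location and signature before acting on it.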

The Encrp Ransomware blocks the user's files, including commonly used media like documents, by way of an unidentified algorithm and gives them 'encrp' extensions for identification. The latter shows the same pattern as the well-known STOP Ransomware family and even some Dharma Ransomware versions, although malware experts currently find no relation.

When it finishes blocking files, the Encrp Ransomware creates a ransom note: a text file that conveys a request for two hundred USD in Bitcoins for a decryptor or file-unlocking service. As of mid-October, malware experts observe no payments in this wallet.

Separating Simple Trojans from the Pack

Although the Encrp Ransomware includes limited program-terminating features, it seems that it's using them only for self-management purposes or closing Windows media management applications, rather than security tools. The Trojan also has what malware experts estimate is a self-uninstall feature for the software, which is mildly unusual. However, victims shouldn't depend on such functions for protecting their computers, especially from Trojans that have already attacked the computer's files.

According to its fake installer name and its ransom details, its campaign is likely for randomly infecting home users or small, unprotected workplace servers. Users with backups, safe file-sharing habits, and well-maintained software updates should find little danger from the Encrp Ransomware's campaign. Features such as JavaScript, Flash, and Word macros should have all due, cautious consideration before activation, and passwords should always be robust enough to resist 'guesses' from dictionary attacks.

Despite being an independent Trojan, the Encrp Ransomware has no obfuscation of any note. Security products specializing in threat removal should block it or remove the Encrp Ransomware from infected PCs automatically.

The Encrp Ransomware wouldn't be the first Trojan, alone, to start splitting off into new versions. Whether it does so or remains a blip in the threat landscape, it's up to the future and any unlucky victims.
