
Encryptd Ransomware

Posted: October 30, 2019

The Encryptd Ransomware is a file-locker Trojan and a possible variant of eCh0raix Ransomware. Owners of network-attached storage devices are at the highest risk from its encryption attacks, which can block files and hold them hostage for a ransom. Secure admin strategies for backup hardware may prevent infections, and anti-malware utilities should delete the Encryptd Ransomware safely.

The Thickening Shadow of Danger for Storage Devices

While a majority of file-locker Trojans will target PCs and their contents directly, including Web servers and vulnerable networks, a growing minority is leveraging encryption under a different strategy. The tactic of targeting network-attached storage or NAS hardware is becoming increasingly common and could be getting a new proponent. The Encryptd Ransomware is currently the most likely successor to the eCh0raix Ransomware, which was, in its turn, predated by the QNAPCrypt.

The Encryptd Ransomware encrypts an unknown series of file formats, although typical targets include text documents, pictures, and other media. It clarifies which files are captive by appending 'encryptd' extensions (note the misspelling), as well as generating a Notepad file that holds its ransom demands. The latter is nearly identical to previous text from eCh0raix Ransomware's campaign. However, malware researchers do note updates to the supplied website link, which continues using TOR for its anonymity.
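The appended extension is the one reliable on-disk marker described above, so it can drive a first triage pass over a mounted share or backup volume. The following is an added example, not code from this article or from any vendor: it assumes the extension appears as the suffix `.encryptd`, the names `triage` and `build_sample` are hypothetical, and the sample tree is constructed. The earliest modification time among renamed files is only a rough indicator of when encryption began, useful for choosing a restore point.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".encryptd"  # assumed on-disk form of the 'encryptd' extension


def triage(root, marker=MARKER):
    """Count files under root that carry the marker extension."""
    by_dir, scanned, locked, earliest = Counter(), 0, 0, None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            scanned += 1
            if not name.lower().endswith(marker):
                continue
            locked += 1
            by_dir[dirpath] += 1
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable entry: counted, but no timestamp
            if earliest is None or mtime < earliest:
                earliest = mtime
    return dict(scanned=scanned, locked=locked, by_dir=dict(by_dir), earliest=earliest)


def build_sample(root):
    """Constructed sample tree: two renamed files, one untouched."""
    layout = {"photos/a.jpg.encryptd": 1572400000,
              "docs/report.txt.encryptd": 1572400900,
              "docs/notes.txt": 1572000000}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample(tmp))
        first = datetime.fromtimestamp(report["earliest"], tz=timezone.utc)
        print(f"{report['locked']} of {report['scanned']} files renamed")
        print("earliest renamed file written:", first.isoformat())
        for d, n in sorted(report["by_dir"].items()):
            print(f"{n:4d}  {os.path.relpath(d, tmp)}")
```

Run it against a read-only mount of the affected volume so the scan itself does not alter timestamps.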

Users also should be aware that, while file-locking Trojans can afflict Windows, Linux, and Android systems, the Encryptd Ransomware's heritage implies a more specific approach. Past attacks using the same ransom notes limit themselves to harming customers of QNAP Systems, a Taiwanese supplier for network-attached storage.

Encryption-Proofing Your Backups

The Encryptd Ransomware's apparent ancestry does more than narrow down its list of targets; it also suggests various infection methods that malware experts recommend counteracting in advance. QNAP users with unpatched hardware are at risk from software vulnerabilities that can help an attacker download and execute files without needing any manual aid from the device's owner.

Besides that possibility, any of the following also gives attackers a potential infiltration path:

  • NAS without network access protection
  • Open ports, specifically, 8080 and 443
  • Telnet or SSH connections
  • SSH

Users who configure their hardware properly can prevent all of these circumstances and stop infections before they can happen. Although there is a free file unlocker for the eCh0raix Ransomware, malware experts can't confirm its compatibility with the Encryptd Ransomware and recommend depending on other solutions for data recovery. It is also worth remembering that most file-locking Trojans will harm other types of hardware and their associated files, and that being on a different OS isn't any form of protection. Users saving their data to external devices are already following good recommendations for file storage. However, it's not a bulletproof solution, and taking your hardware for granted can lead to Trojans like the Encryptd Ransomware making money.
