EncryptedBatch Ransomware
The EncryptedBatch Ransomware is a fake file-locking Trojan that pretends to encrypt your digital media, including documents and pictures. Current samples don't contain any encryption features but do change the files' names, which creates a superficial resemblance to such attacks. Users can rename their files manually or use the Trojan's own code to do so automatically, and may safely uninstall the EncryptedBatch Ransomware with any appropriate anti-malware application.
A Batch Renamer Masquerading as Something Else
A threat actor has created a file-locking Trojan that omits the 'locking' portion of the proceedings, but its symptoms are similar enough to the Jigsaw Ransomware or Hidden Tear to pass muster among uninformed PC owners. The EncryptedBatch Ransomware is a Windows program with no affiliation to past file-locking Trojan families or the Ransomware-as-a-Service industry as a whole. Whether or not its author plans on monetizing it is a question that malware analysts can't yet answer.
The EncryptedBatch Ransomware uses a series of simple renaming commands to change the extensions on media formats like JPG pictures, Word DOCs, ZIP archives, and roughly a dozen additional types. Most of each filename is left unedited, but the Trojan completely replaces the extension with an 'Encrypted' tag. The tag includes an additional number, from zero to nine, depending on the extension that it's replacing.
The EncryptedBatch Ransomware also has a Command Prompt-styled pop-up that takes the place of a ransom note. This prompt gives the user the option of entering the hard-coded 'decryption' code ('idLAa7fkKdx1aKBGBl3dWeY' in current builds) to 'unlock' their files automatically. If the threat actor changes the code, malware experts can also endorse renaming the files manually, which should reverse all effects of the program's payload.
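The manual renaming described above can be planned from file contents rather than from the Trojan's own code. The following Python is an added example, not code from the Trojan or from this article: it assumes the tag looks like 'Encrypted' plus one digit at the end of the name (the exact form is not documented here), uses hypothetical function names, and leaves any file whose header matches no known signature untouched, since that is what a genuinely encrypted file from a later build would look like.

```python
import re
from pathlib import Path

# Assumption: the replaced extension is 'Encrypted' followed by one digit (0-9),
# with or without a leading dot. Adjust the pattern to what is seen on disk.
TAG = re.compile(r"\.?Encrypted[0-9]$", re.IGNORECASE)

# Standard file signatures for three formats the article names.
SIGNATURES = [
    (b"\xff\xd8\xff", ".jpg"),                      # JPEG
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),  # OLE2 container (legacy Word)
    (b"PK\x03\x04", ".zip"),                        # ZIP (also the DOCX/XLSX container)
]


def sniff_extension(path):
    """Return the extension implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, ext in SIGNATURES:
        if head.startswith(magic):
            return ext
    return None  # unknown type, or content that really was encrypted


def plan_restore(root):
    """List (tagged_path, proposed_path or None) for every tagged file under root."""
    plan = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and TAG.search(p.name):
            ext = sniff_extension(p)
            target = p.with_name(TAG.sub("", p.name) + ext) if ext else None
            plan.append((p, target))
    return plan


def apply_restore(plan):
    """Rename files with a recognised header; skip unknowns and name collisions."""
    restored = 0
    for src, dst in plan:
        if dst is None or dst.exists():
            continue  # leave for manual review instead of guessing or overwriting
        src.rename(dst)
        restored += 1
    return restored
```

Review the output of `plan_restore` before calling `apply_restore`, and run it on a copy of the affected folder first.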
Better Safe than Sorry with Attacks on Your Files
The current version of the EncryptedBatch Ransomware holds little danger even to PC users without any backups or significant protection for their data. However, encryption as a non-consensual attack is a feature that threat actors can add very quickly, even when they have little to no programming expertise. Backing work up to another, secure device is often the only means that victims possess of restoring their files in full.
The EncryptedBatch Ransomware's executables aren't using names that would correlate with any infection strategies, such as fake invoices or game cracks. Users should consider having their anti-malware tools scan downloads regularly for possible dangers, particularly ones arriving via e-mail or a file-sharing network. Removing the EncryptedBatch Ransomware with a dedicated anti-malware solution is also essential for your PC's safety, if only due to the chance of other threats arriving simultaneously.
The EncryptedBatch Ransomware is a neutered threat that's more bark than bite but could grow fangs soon. Whether it does or not shouldn't affect the precautions you take for your files' sakes.