Home Malware Programs Ransomware _encrypted Ransomware

_encrypted Ransomware

Posted: October 27, 2020

The _encrypted Ransomware is a file-locking Trojan that's independent of any confirmed Ransomware-as-a-Service or family. Like more well-known threats of its type, it blocks media files in Windows PCs by encrypting them, adds extensions to their names, and leaves ransom notes for victims. Users should have secure backups for protecting their files and let dedicated security services remove any the _encrypted Ransomware infections.

Trojans Waiting on Their Infrastructure Insertion Patiently

Ransomware-as-a-Services offer a kudzu-like fast proliferation model that grows over much of the file-locking Trojan section of the global threat landscape. Still, there's room for occasional one-offs, such as the _encrypted Ransomware, which malware analysts confirmed recently. This Trojan-in-testing is missing several key elements, but its intentions are self-explanatory, with encryption and ransom demands in waiting.

The _encrypted Ransomware is targeting Windows systems, like most file-locking Trojans around the world. It uses a currently-unexamined form of data encryption that locks media files on infected PCs, such as documents, images and music. The Trojan appends extensions specific to its campaign purely as identifying markers of the attack, letting the victim know which files it has as captives.

The Trojan's threat actor opts for a Notepad TXT file as a ransom note, which uses English ransom demands that malware experts don't link to other Trojan families. Here, readers may see some elements that make the _encrypted Ransomware different from most Trojans of its classification: the local storage of user encryption and 'customer' data in a 'metadata.bin' file, and the missing anonymous TOR site link. Presumably, the latter is awaiting further Web development from the threat actor before being up and running for processing ransoms.

The Full-Fledged Danger from Half-Done Trojan Campaigns

That the _encrypted Ransomware appears in threat databases with incomplete infrastructure suggests that the programmer plans to test the detection metrics and update the Trojan afterward. Still, current rates of flagging the Trojan as a threat are high. Malware experts also emphasize that the encryption side of the _encrypted Ransomware's payload is working and capable of permanently blocking media files.

Windows users should protect their work through backups on secure devices, as is appropriate. They also can make themselves safe from infection attempts by multiple steps, such as:

  • Refraining from enabling high-risk features like JavaScript, Flash and macros
  • Using passwords that are strong enough to resist dictionary attacks
  • Avoiding illicit downloads
  • Installing software patches that removing known vulnerabilities

Other than attackers gaining access by brute-forcing passwords or hijacking RDP, most infection incidents involve users endangering their PCs with unsafe behavior. Most anti-malware products will further protect users by blocking most drive-by-downloads and should intercept and remove the _encrypted Ransomware.

The _encrypted Ransomware may become harder to detect in the future, but there's little point in guessing what a threat actor may or may not do with their pet project. What's certain is that a backup is priceless in the face of Trojan attacks, whether they have the backing of a bloated Ransomware-as-a-Service or are independents out for themselves.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to _encrypted Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner*

* See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts