EnCrypt Ransomware
Posted: July 6, 2017
Threat Metric
The fields shown on the Threat Meter that carry a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 1,026 |
| First Seen: | July 6, 2017 |
| Last Seen: | March 6, 2024 |
| OS(es) Affected: | Windows |
The EnCrypt Ransomware is a Trojan that locks your files with an encryption cipher so that it can sell you the solution to restoring them. Decrypting them through other methods may be possible, but users are recommended to back up all data that's too valuable to risk losing to file-encrypting threats. Monitor your e-mail and network security and use anti-malware products for blocking or uninstalling the EnCrypt Ransomware as is appropriate.
A Hint of Onion in the Next Trojan Campaign
While threat actors can be industrious, they also see the value in not reinventing the wheel, and are just as happy to use pre-existing structures and services as they are to create new ones. The EnCrypt Ransomware offers another data point confirming how modern, file-encoding attacks use anonymity services like TOR to protect their identities and cash transactions. The implied semi-automated nature of the ransom also could encourage victims to pay more promptly instead of searching for other solutions to an infection.
The EnCrypt Ransomware's family, if any, is unknown, and malware researchers haven't verified the encryption cipher it uses. In other respects, however, the EnCrypt Ransomware is very similar to members of previously examined families, like Hidden Tear, Jigsaw Ransomware or EDA2. Its attacks and symptoms may include:
- The EnCrypt Ransomware creates a background process to scan for files of particular formats and in specific locations, such as documents or the contents of the user's desktop. Matching content is encrypted with a cipher so that the files can no longer be opened.
- The EnCrypt Ransomware appends '.en' extensions onto every name for any media it locks, which may or may not replace any previous formatting tags ('document.doc' may become 'document.doc.en' or 'document.en').
- The Trojan uses text-based ransoming messages to sell the victims a possible decryption key for restoring their files and may supplement the note with other alerts, such as an image replacing their desktop's background.
In addition to the usual features above, the EnCrypt Ransomware also conducts its decryption services through a TOR (initially known as The Onion Router) website. This site allows the victims to input their ID and the Bitcoin transaction data to confirm the money transfer and then, supposedly, get their files unlocked. This support feature is one that malware researchers often see with RaaS (AKA Ransomware-as-a-Service) Trojans, which divide the distribution campaigns and the original programming between separate groups of threat actors.
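The two symptoms above that a defender can observe on an endpoint before the ransom note appears are the burst of renames and the '.en' marker extension, in either of the shapes the write-up describes ('document.doc.en' or 'document.en'). The following Python script is an added illustration and is not code from this analysis or from the Trojan itself: it takes a stream of file events (the event format, the sample events, the alert threshold and the time window are all assumptions constructed for the example) and raises an alert when several '.en' renames land within a short window, while recovering the probable original name for each affected file.

```python
"""Detect EnCrypt-style '.en' rename bursts in a stream of file events.

Added example for this write-up; the event format, thresholds and sample
data below are assumptions, not observations from the EnCrypt Ransomware.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass
from typing import Iterable, Optional

MARKER_EXT = ".en"      # extension the write-up reports the Trojan appends
BURST_THRESHOLD = 5     # assumed: renames inside one window that trigger an alert
WINDOW_SECONDS = 10.0   # assumed: length of the sliding window


@dataclass
class FileEvent:
    ts: float    # seconds since monitoring started (assumed format)
    kind: str    # "rename" or "create" (assumed format)
    path: str


def original_name(path: str) -> Optional[str]:
    """Return the probable pre-encryption name of a '.en' file, or None.

    Handles both shapes the write-up describes: 'document.doc.en' keeps the
    original extension, 'document.en' replaced it. In the second case the
    original extension cannot be recovered from the name, so only the stem
    is returned. A bare '.en' (no stem) is not treated as a renamed file.
    """
    if not path.lower().endswith(MARKER_EXT):
        return None
    stripped = path[: -len(MARKER_EXT)]
    if not stripped or stripped.endswith(("/", "\\")):
        return None
    return stripped


def detect_bursts(events: Iterable[FileEvent]) -> list[dict]:
    """Slide a time window over the events; alert when '.en' renames pile up.

    Benign events and files without the marker are ignored. Once an alert
    fires, further events inside the same window are folded into it so a
    single burst does not produce one alert per file.
    """
    window: deque[FileEvent] = deque()
    alerts: list[dict] = []
    alerted_until = -1.0
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind not in ("rename", "create") or original_name(ev.path) is None:
            continue
        window.append(ev)
        while window and ev.ts - window[0].ts > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= BURST_THRESHOLD and ev.ts > alerted_until:
            alerts.append({
                "at": ev.ts,
                "count": len(window),
                # first few probable original names, for the responder's triage
                "sample": [original_name(e.path) for e in list(window)[:3]],
            })
            alerted_until = ev.ts + WINDOW_SECONDS
    return alerts


# Constructed sample: one benign create, a five-file burst, then a lone rename.
SAMPLE_EVENTS = [
    FileEvent(0.0, "create", r"C:\Users\alice\Desktop\notes.txt"),
    FileEvent(1.0, "rename", r"C:\Users\alice\Documents\report.doc.en"),
    FileEvent(1.5, "rename", r"C:\Users\alice\Documents\budget.xlsx.en"),
    FileEvent(2.0, "rename", r"C:\Users\alice\Desktop\photo.en"),
    FileEvent(2.5, "rename", r"C:\Users\alice\Desktop\thesis.docx.en"),
    FileEvent(3.0, "rename", r"C:\Users\alice\Documents\taxes.pdf.en"),
    FileEvent(40.0, "rename", r"C:\Users\alice\Downloads\lone.en"),
]


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(f"[ALERT] t={alert['at']}s: {alert['count']} '.en' renames, "
              f"e.g. {alert['sample']}")
```

The threshold and window are deliberately small for the constructed sample; on a real host they would be tuned against the normal rename rate of the monitored directories, and the event stream would come from whatever file-activity source the EDR or audit subsystem already provides. The original_name helper is what lets a responder list which documents were hit even when the Trojan discarded the original extension.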
Suppressing the Aroma of an Onion-Assisted Extortion
Much remains to be learned about the EnCrypt Ransomware, which was identified and analyzed only recently. RaaS campaigns can be more unpredictable than ones using the same threat actors for each attack, and the EnCrypt Ransomware has the potential to spread through numerous means, including spam e-mails, brute-force hacking, and exploit kits. Disable risky content, such as JavaScript or macros, when it's not necessary, to reduce the risk of system compromises.
With so many of its symptoms limited to showing after its data-damaging attacks, users should try to block the EnCrypt Ransomware before it encrypts content, instead of removing it after the fact. Users can update their security software as appropriate to allow them to identify new threats as soon as possible, and submit samples of quarantined Trojans or encrypted media to anti-malware researchers for developing new decryption solutions. By default, conventional anti-malware technology should delete the EnCrypt Ransomware and prevent any encryption from happening, unless the remote attacker can disable these defenses manually.
TOR was, like many products, built to fulfill a perceived, ideological need for privacy. However, con artists aren't very prone to respecting philosophical ideals and, when given an online tool like an anonymous browser, are more likely than not to exploit it for funneling money with help from programs like the EnCrypt Ransomware.