EnybenyCrypt Ransomware
The authors of the EnybenyCrypt Ransomware have opted to use the source code of the HiddenTear project as a foundation for their file-encryption Trojan. This is not bad news necessarily because the HiddenTear project uses a simple and predictable algorithm to generate the encryption key used to lock the files. This means that malware researchers were able to reverse engineer the process and develop a free HiddenTear decryptor, which should be able to help victims of the EnybenyCrypt Ransomware or of other file-lockers that make use of HiddenTear’s file-encryption algorithm.
When the EnybenyCrypt Ransomware is initialized, it may start to encrypt various types of files stored on the victim’s hard drive immediately – documents, photos, images, spreadsheets, archives, and databases are just a minor fraction of the file formats that the EnybenyCrypt Ransomware is programmed to lock. It appears that the authors are trying to piggyback on the popularity of the Crypt888 Ransomware, a file-encryption Trojan that was popular a few years ago. The EnybenyCrypt Ransomware uses the same file extension that the Crypt888 Ransomware uses to mark locked files – ‘.crypt888.’
After the file-encryption stage is complete, the EnybenyCrypt Ransomware will continue its actions by creating a ransom note titled ‘Hack.html’ – this file is usually stored in every folder containing the encrypted files. According to the ransom note, the victims need to contact the attackers by messaging rsupp@protonmail.ch or their files might end up being damaged permanently. Although the ransom message does not specify a ransom sum, you can rest assured that money is the primary goal of the EnybenyCrypt Ransomware’s authors, and they are likely to request a few hundred dollars in exchange for a decryptor.
If you suspect that the EnybenyCrypt Ransomware has locked your files, then we advise you to use a reputable and up-to-date antivirus scanner that will help identify and eradicate all corrupted files linked to the file-locker immediately. Do not forget that once the EnybenyCrypt Ransomware is removed successfully, you should use the free HiddenTear decryptor to try and recover your files.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.