EnyBeny Ransomware
The EnyBeny Ransomware is a file-locking Trojan that may block your media with encryption, corrupt it so that it becomes permanently unopenable, or delete it. Its payload includes additional errors and symptoms, such as a ransom note, Windows pop-ups and the hijacking of your desktop. Always block this threat from running, remove the EnyBeny Ransomware with appropriate security solutions where possible, and keep backups so that you can recover without needing a decryptor.
Trojan Brands Becoming a Little Mutated
Threat actors are muddying the waters of their file-locker Trojans' identities by using the brand name of 'EnyBeny' from the EnybenyCrypt Ransomware for a new program whose payload differs significantly. The new Trojan, the EnyBeny Ransomware, is still trying to lock files for ransoms but includes other bugs and functions that cause malware experts to question whether it's an update of the old EnybenyCrypt Ransomware or a separate entity. While its familial links require some future investigation, the EnyBeny Ransomware is just as capable of being a risk to any local media content.
The encryption algorithms that the EnyBeny Ransomware uses for locking content have yet to see an in-depth analysis and may or may not be decryptable by a third party. Additionally, some sources report that the EnyBeny Ransomware employs 'wiper' features that may corrupt or delete data securely and permanently, although malware experts have verified only that it lacks the extension that most file-locking Trojans append to blocked media. Examples of traditional targets of these attacks include, but aren't restricted to, PDF documents, JPG, BMP or GIF pictures, ZIP or RAR archives, and the majority of Microsoft Office content.
A visible bug in the EnyBeny Ransomware causes its payload to create a SANDSA installation warning window, along with a blank second pop-up that may, in the future, hold a ransoming message. The EnyBeny Ransomware also hijacks the desktop with a grammatically questionable 'mutanted as clay' warning message by editing the Windows Registry, and gives the victim a new Notepad ransoming message that sells the decryptor for 0.00000001 Bitcoins. Despite the 'EnyBeny' brand name in some of these features, most of the EnyBeny Ransomware's payload bears little resemblance to that of the Hidden Tear derivative of EnybenyCrypt Ransomware.
Ways of Preserving Your Media Regardless of the Assailant's Name
The EnyBeny Ransomware may or may not have any real ties to the EnybenyCrypt Ransomware – the Hidden Tear-based code of that threat is available to criminals around the world at no charge. However, without additional samples and reports from victims, malware experts can only estimate the possible damage of the EnyBeny Ransomware campaign, which is similarly capable of blocking or destroying documents, spreadsheets, pictures and other media formats. The EnyBeny Ransomware does, however, require an environment that can run Windows software.
None of the installers that malware researchers have available provide file details, such as certificates, that would assist with tracking its infection strategy. Threat actors may introduce file-locker Trojans to business networks through e-mails or by brute-forcing an admin's login, or attack victims randomly over unsafe advertising networks, torrents or exploit kits on download-themed sites. Let your anti-malware products handle blocking or removing the EnyBeny Ransomware before taking the proper recovery steps, such as restoring your files from an external USB.
The EnyBeny Ransomware has many characteristics making it look less professional than one would expect of a Hidden Tear variant or a Ransomware-as-a-Service byproduct. Even this lowbrow payload, however, still can do long-term harm to your work if you don't protect your PC.
Update December 7th, 2018 — EnyBeny-Cristmas Ransomware
The EnyBeny Ransomware family has drastically increased its number of members, and malware researchers continue to identify new file-lockers based on the EnyBeny code. One of the latest members of the family is the EnyBeny-Cristmas Ransomware, which has already managed to claim several victims in different countries and, unfortunately, the users affected by this file-locker may not be capable of getting their files back for free.
The file-encryption algorithm utilized by the EnyBeny-Cristmas Ransomware has proven to be impossible to decipher by malware researchers, and the only way to decrypt files locked by this cyber threat is to use the private decryption key, which is in possession of the attackers. Naturally, the authors of the EnyBeny-Cristmas Ransomware offer a decryption service, but they are unlikely to be willing to help for free, and their victims might be asked to pay significant amounts of money in exchange for a decryptor.
The EnyBeny-Cristmas Ransomware will mark all the encrypted files by appending the ‘.Cristmas@india_com’ extension to their names. In addition to this, it will drop a ransom note that is usually meant to provide victims with data recovery instructions. However, the ransom message dropped by the EnyBeny-Cristmas Ransomware does not contain anything else apart from the addresses are_nlm@tutamail.cc and desktopman228@india.com.
If you suspect that EnyBeny-Cristmas Ransomware has compromised your computer and encrypted your files, then we advise you not to contact the perpetrators. There is no clue about how much money they may ask for and, in addition to this, it is possible that you might not receive anything even if you pay them. Instead of trying to negotiate with cybercrooks, the advice is to run a trustworthy anti-virus application to remove this threat’s files. The bad news is that the removal of the EnyBeny-Cristmas Ransomware will not get your files back to normal, and you might need to look for alternative data recovery options.
Update December 7th, 2018 — EnyBeny-Revenge Ransomware
The EnyBeny-Revenge Ransomware is a file-locker that is almost identical to the original EnyBeny Ransomware – the only differences are the extension used to mark the locked files and the email addresses found in the ransom message. Apart from these two minor differences, the EnyBeny-Revenge Ransomware’s attack is carried out the same way, and the consequences of its attack are always the same – a hard drive full of encrypted files that cannot be unlocked for free.
When the EnyBeny-Revenge Ransomware compromises a computer, it will make sure to leave the victim’s hard drive packed with encrypted documents, photos, videos, music, archives, and other file types that are used on a regular basis. Victims of the EnyBeny-Revenge Ransomware should have no trouble identifying the locked files because the ransomware will add the ‘.EnyBenied!’ extension to their names. Finally, the EnyBeny-Revenge Ransomware will drop the ransom message ‘ENYBENY.TXT’ that contains file decryption instructions. According to security researchers, the EnyBeny-Revenge Ransomware also may replace the desktop wallpaper with the image ‘ENYBENY.png’.
The attackers can be contacted by emailing filekerk@tutanota.com or yougame@protonmail.ch, but we assure you that getting in touch with them will not lead to any positives. The authors of the EnyBeny-Revenge Ransomware are going to demand a significant amount of money in exchange for a decryptor, and we assure you that paying them any money would be a major mistake. The advice is to run an anti-virus product to help you remove the EnyBeny-Revenge Ransomware’s files, and then look for data recovery software.
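The file markers described in the two updates above (the ‘.Cristmas@india_com’ and ‘.EnyBenied!’ extensions, and the ‘ENYBENY.TXT’ and ‘ENYBENY.png’ files) can be used to scope the damage before restoring from backups. The following is an added example, not part of the original article or any vendor tool; the function name, report layout and the association of each marker with a variant label are assumptions made for illustration, and it cannot detect the original EnyBeny Ransomware, which is reported above not to append an extension.

```python
import os
import sys
from collections import defaultdict

# Indicators quoted in the article; compared case-insensitively because
# Windows file names are case-insensitive.
LOCKED_SUFFIXES = {
    ".cristmas@india_com": "EnyBeny-Cristmas",
    ".enybenied!": "EnyBeny-Revenge",
}
DROPPED_FILES = {
    "enybeny.txt": "EnyBeny-Revenge ransom note",
    "enybeny.png": "EnyBeny-Revenge wallpaper image",
}


def triage(root):
    """Walk root and return a report dict.

    locked:  {variant: [path the file had before the extension was added]}
    dropped: [(description, path)] for the note and wallpaper files
    per_dir: {directory: number of locked files}, to scope the restore
    """
    locked, dropped, per_dir = defaultdict(list), [], defaultdict(int)
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in sorted(files):
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower in DROPPED_FILES:
                dropped.append((DROPPED_FILES[lower], path))
                continue
            for suffix, variant in LOCKED_SUFFIXES.items():
                # A non-empty stem is required: the stem is the name to
                # look for in backups.
                if lower.endswith(suffix) and len(name) > len(suffix):
                    locked[variant].append(path[: -len(suffix)])
                    per_dir[dirpath] += 1
                    break
    return {"locked": dict(locked), "dropped": dropped, "per_dir": dict(per_dir)}


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for variant, originals in report["locked"].items():
        print(f"{variant}: {len(originals)} locked file(s)")
        for original in originals:
            print("  restore from backup:", original)
    for description, path in report["dropped"]:
        print(f"{description}: {path}")
```

Run it read-only against a mounted copy or image of the affected drive; the paths it prints are the pre-infection names to look up in the backup set.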