Erica2020 Ransomware

Erica2020 Ransomware Description

The Erica2020 Ransomware is a file-locking Trojan that blocks digital media for extorting ransom money afterward. Its payload's messages are orienting themselves towards Russian native speakers currently, although the encryption routine may harm files on computers anywhere in the world. Most anti-malware products should flag and remove the Erica2020 Ransomware as a threat correctly before it damages any data.

Geopolitical Tensions Manifesting in Programming

Although Russia is often the regional spawning ground of many Trojan-related attacks, at least one campaign is flipping the script. What possibly is the product of a Ukrainian programmer is targeting victims in Russia, with one of the most common money-making tactics: encrypting data and selling the possible decryption service after doing so. In its standards of operation, the Erica2020 Ransomware is similar to the great families like Hidden Tear or the Globe Ransomware. However, malware experts deem its ancestry unique to itself.

The Erica2020 Ransomware is a .NET Framework program that runs in Windows environments, with an installer using either a randomly-named executable or a fake 'scr' (AKA Windows screensaver) file. Currently, samples also use icons referencing a character from Warner Brothers' 'Animaniacs' cartoon. The Trojan uses many of the traditional features of its kind, including AES encryption for keeping digital media from opening, appending customized extensions and creating text ransom notes. The last, however, have traits that are a little more unusual.

The ransom message that the Erica2020 Ransomware drops are in Russian, rather than English, and provides an e-mail and ID for negotiating over the criminal's unlocking. A tag line at the end also includes an insult towards the reader regarding their backup habits – in Ukrainian. The latter suggests political motives about the design and distribution of the Erica2020 Ransomware, although it is in testing with partial placeholder instructions currently.

Bringing Peace Between Nations - or Between Files and Software

Unlocking or decrypting one's media without paying a ransom can be difficult or impossible for the majority of file-locking Trojan attacks. While malware experts have yet to confirm the security of the Erica2020 Ransomware's encryption routine, rendering it immune to third-party decryptors would be a small programming obstacle for any threat actor. Users should take the insult in the Erica2020 Ransomware's note to heart and implement well-maintained backups before, rather than after, an attack occurs.

Users also can guard the 'borders' of their PCs by monitoring some of the most well-trod infection vectors of the past several years. E-mail attachments are a rich source of attacks against networks, along with brute-forcing passwords and other login credentials. For random victims, possible exposure also can come through downloading illicit torrents or updates from unofficial websites.

Although it's new, most anti-malware tools are finding and deleting the Erica2020 Ransomware as a threat, with usually-generic descriptors. The Erica2020 Ransomware is a colorful expression of how real-world tensions boil over into the Internet, but it's jeering with a good lesson attached to it. Anyone who doesn't know the value of a backup might get taught one the painful way – by a Trojan taking advantage of their oversight.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Erica2020 Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: January 2, 2020
Home Malware Programs Ransomware Erica2020 Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.