ETH Ransomware
The criminals using the Dharma Ransomware continue to be very active, and they regularly release slightly modified variants of the infamous file-locker. One of the most active members of the Dharma Ransomware family is called the ETH Ransomware and, unfortunately, it uses a flawless file-locking mechanism impossible to crack via free utilities. If the ETH Ransomware infects a computer successfully, it will encrypt a large portion of the files it finds on the hard drive. In addition to encrypting data, the ETH Ransomware also will:
- Append the extension '.id-<VICTIM ID>.[Enigma1crypt@aol.com].ETH' to locked files.
- Drop the ransom note 'FILES ENCRYPTED.txt.'
- Disable the System Restore, and purge the Shadow Volume Copies. This makes data recovery a more difficult task.
The criminals behind the ETH Ransomware ask their victims to pay some Bitcoin and promise to provide them with a working decryptor as soon as this demand is met. We assure you that it is a terrible idea to trust ETH Ransomware's creators. Instead of trying to buy suspicious software off of them, you should run an up-to-date anti-virus scanner to eliminate the ETH Ransomware entirely. Once the Trojan is gone for good, you can start restoring files from a backup, or experiment with alternative data recovery options.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.