
FileEngineering Ransomware

Posted: November 26, 2020

The FileEngineering Ransomware is a file-locking Trojan that's not part of a known family. The FileEngineering Ransomware can block most files on Windows computers through encryption, adds extensions to their names with ransoming details, and creates security engineer-themed ransom notes in Notepad. Users with adequate backups should suffer little damage from infections, and most AV vendors should provide solutions for safely removing the FileEngineering Ransomware.

The Engineer that Does More Harm than Good

Most file-locking Trojans, even ones without relationships with open-source projects or Ransomware-as-a-Service operations, recycle the old messages of past campaigns with few qualms. When a brand-new ransom note appears, therefore, the threat in question becomes something of a novelty, as in the FileEngineering Ransomware's campaign. While symptomatically almost indistinguishable from the average ripoff of Hidden Tear or the STOP Ransomware, this Trojan offers a new spin on social engineering in its extortion.

There are at least two variants of the FileEngineering Ransomware, although they differ solely in the e-mail addresses they use for the ransom negotiations. The FileEngineering Ransomware, firstly, blocks the victim's media files (documents, images, databases, audio, etc.) by encrypting them with an algorithm malware researchers have yet to confirm. The FileEngineering Ransomware also flags the files as unopenable by adding extensions to their names, which is a tradition amongst file-locker Trojans. The format of these extensions includes a bracketed ID number, a separately-bracketed e-mail with the 'FileEngineering' string, and a generic 'encrypted' extension.
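For responders triaging a file listing, the three name components described above can be matched and grouped by ID and contact address, which also separates the variants. This is an added example, not code from the original page: the separators between the parts, the ID alphabet, and all sample paths and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Components from the description: [ID], [e-mail containing 'FileEngineering'],
# then '.encrypted'. Separators and ID alphabet are ASSUMED, so the pattern
# tolerates '.', '-', '_' or spaces between the parts.
MARKER = re.compile(
    r"""^(?P<original>.+?)[._\- ]*
        \[(?P<victim_id>[0-9A-Za-z\-]+)\][._\- ]*
        \[(?P<contact>[^\[\]\s]*FileEngineering[^\[\]\s]*)\]
        \.encrypted$""",
    re.IGNORECASE | re.VERBOSE,
)

def triage(paths):
    """Group matching paths by bracketed ID; collect contacts and folders."""
    hits = defaultdict(
        lambda: {"contacts": set(), "dirs": defaultdict(int), "originals": []}
    )
    for raw in paths:
        p = PureWindowsPath(raw)
        m = MARKER.match(p.name)
        if not m:
            continue  # e.g. a plain '.encrypted' file from some other tool
        entry = hits[m["victim_id"]]
        entry["contacts"].add(m["contact"].lower())  # one address per variant
        entry["dirs"][str(p.parent)] += 1            # scope of damage per folder
        entry["originals"].append(m["original"])     # names to look up in backups
    return dict(hits)

# Constructed sample listing (IDs and addresses are placeholders).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.[A1B2C3].[FileEngineering@example.invalid].encrypted",
    r"C:\Users\alice\Documents\notes.txt.[A1B2C3].[FileEngineering@example.invalid].encrypted",
    r"C:\Users\alice\Pictures\cat.jpg.[A1B2C3].[FileEngineering2@example.invalid].encrypted",
    r"C:\Users\alice\Pictures\dog.jpg.encrypted",
    r"C:\Users\alice\Desktop\readme.txt",
]

if __name__ == "__main__":
    for vid, info in triage(SAMPLE).items():
        print(vid, sorted(info["contacts"]), dict(info["dirs"]))
```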

The text note that the FileEngineering Ransomware creates asks for the usual Bitcoins in return for restoring the user's non-working files. However, the wording is unique to this Trojan's campaign and carries the unusual 'security engineer' theme with ambiguity regarding the author's profession or intentions. Unlike some notes, which trick victims by pretending that they're unrelated technical support, the FileEngineering Ransomware claims responsibility for the attack but also asserts the author's supposed cyber-security credentials.

Taking Crank Engineering Out of Media Recovery

Like the file-locking Trojans less original than it, the FileEngineering Ransomware is hindered primarily by victims who have effective backup solutions in place before infection. Malware experts can't yet confirm Restore Point deletion among the FileEngineering Ransomware's features but recommend acting on the possibility and storing a backup in one or more external locations, such as removable storage drives. Windows users are the only ones at risk from the FileEngineering Ransomware, but file-locking Trojans are increasingly targeting other operating systems with similar hostage-taking strategies.

Users should also remember that paying the FileEngineering Ransomware's ransom, regardless of any credentials the Trojan asserts, may not give back the result that they want. Threat actors sometimes withhold decryption services or provide buggy solutions that corrupt files beyond recovery. Paying also has the drawback of motivating future attacks from threats like the FileEngineering Ransomware.

Web surfers who avoid illicit downloads, unofficial updates, and suspicious e-mail attachments shouldn't be at much risk for infection. Disabling features like Flash and JavaScript will further improve security for most users. Admins also should consider checking their login credentials for weaknesses that attackers could exploit.

Professional anti-malware tools should remove the FileEngineering Ransomware without letting it harm any files, but once the damage occurs, full file recovery becomes highly questionable and potentially impossible.

As the FileEngineering Ransomware wheedles its way into victims' hearts through pretensions of security assistance, no one should forget that its goals are the same as any Ransomware-as-a-Service crook. Security 'engineer' or not, it's a danger to any files worth keeping as long as there aren't backups for counteracting it.
