Home Malware Programs Trojans Trojan.Ransomcrypt.E

Trojan.Ransomcrypt.E

Posted: August 29, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 19
First Seen: August 29, 2013
Last Seen: April 6, 2022
OS(es) Affected: Windows

Trojan.Ransomcrypt.E is a Windows locker Trojan that blocks the screen with a ransom demand that's paired with a file-encrypting attack. The latter attack will make various file formats unusable, although SpywareRemove.com malware experts note that it does not affect any non-fixed drives (such as removable devices). File-encrypting PC threats like Trojan.Ransomcrypt.E Trojans are best defeated with a combination of remote backup files (to restore all encrypted files to normal), security features that can disable Trojan.Ransomcrypt.E's lockdown and, finally, anti-malware products for removing Trojan.Ransomcrypt.E. The Trojan.Ransomcrypt.E removal methods recommended by SpywareRemove.com malware experts never call for the payment of its ransom, which is unlikely to help your PC or any files on it.

When a Ransomware Alert is Slightly Less Fraudulent Than Usual

Joining the ranks of the few and not-so-proud Trojans like Win32:Ransom-AOQ and 'Say Hello To Little Virus Brings A Lot Of Problems' Ransomware, Trojan.Ransomcrypt.E also encrypts a wide range of files on your computer to make them unusable. While this doesn't damage the contents of these files irreparably, it does prevent you from using them until you decrypt them – either by acquiring the decryption code (an unlikely solution) or using a free decryption utility. These file-encrypting attacks are common threats by Windows locker ransomware Trojans like Trojan.Ransomcrypt.E, but most criminals consider it too much trouble to code the actual encryption attack. Unfortunately, Trojan.Ransomcrypt.E has been verified as one of the few that backs up their bluffs with real attacks.

Trojan.Ransomcrypt.E informs you of its encryption attack with a modified browser pop-up that Trojan.Ransomcrypt.E may load from any of multiple websites. This pop-up demands that you pay a Ukash fee to criminals to restore your computer's files and warns that any tampering with your computer may cause the fee to rise significantly. Additionally, SpywareRemove.com malware researchers note that Trojan.Ransomcrypt.E's pop-up attack also prevents you from using other programs – at least until you've found a way to deal with Trojan.Ransomcrypt.E's automatic startup exploit.

Reviving Your Files from Trojan.Ransomcrypt.E's Digital Crypt

Just as Trojan.Ransomcrypt.E's attack takes multiple steps to complete its goal of delivering a demand of cash transfer to criminals, the solution to a Trojan.Ransomcrypt.E infection requires multiple steps in turn. Blocking Trojan.Ransomcrypt.E by loading your PC from a backup OS (through a peripheral hard drive or a network-accessible location) will help you load your operating system without Trojan.Ransomcrypt.E locking it. Of course, SpywareRemove.com malware researchers particularly recommend using anti-malware software for deleting Trojan.Ransomcrypt.E, as a confirmed Trojan that is a significant security risk. Lastly, if you keep backups of all your important files (as always is recommended), you should be able to restore them and ignore the encryption attack, although there also are free decryption tools that may be compatible with Trojan.Ransomcrypt.E's current encryption methods.

Because Trojan.Ransomcrypt.E's distribution is overall quite low, you only have a small chance of your PC being attacked by Trojan.Ransomcrypt.E. This chance can be reduced even more than usual by practicing what SpywareRemove.com malware researchers would consider safe Web-browsing habits, such as avoiding malicious websites, updating all software regularly and scanning files before opening them.

Technical Details

Additional Information

The following URL's were detected:
[http://]107.6.112.86/08da3196-0115-49e3[REMOVED][http://]107.6.112.86/a614ef1c-a9c8-48ad[REMOVED][http://]107.6.112.86/b273e158-8982-47e3[REMOVED][http://]107.6.112.86/b7cc7b7b-7502-4eec[REMOVED][http://]107.6.112.86/de/1024x76[REMOVED][http://]107.6.112.86/de/1152x86[REMOVED][http://]107.6.112.86/de/1280x102[REMOVED][http://]107.6.112.86/de/1280x80[REMOVED][http://]107.6.112.86/de/1366x76[REMOVED][http://]107.6.112.86/de/1440x90[REMOVED][http://]107.6.112.86/de/1600x90[REMOVED][http://]107.6.112.86/de/1680x105[REMOVED][http://]107.6.112.86/de/1920x108[REMOVED][http://]107.6.112.86/de/768x102[REMOVED][http://]107.6.112.86/de/default[REMOVED][http://]107.6.112.86/en/1024x76[REMOVED][http://]107.6.112.86/en/1152x86[REMOVED][http://]107.6.112.86/en/1280x102[REMOVED][http://]107.6.112.86/en/1280x80[REMOVED][http://]107.6.112.86/en/1366x76[REMOVED][http://]107.6.112.86/en/1440x90[REMOVED][http://]107.6.112.86/en/1600x90[REMOVED][http://]107.6.112.86/en/1680x105[REMOVED][http://]107.6.112.86/en/1920x108[REMOVED][http://]107.6.112.86/en/768x102[REMOVED][http://]107.6.112.86/en/default[REMOVED][http://]107.6.112.86/es/1024x76[REMOVED][http://]107.6.112.86/es/1152x86[REMOVED][http://]107.6.112.86/es/1280x102[REMOVED][http://]107.6.112.86/es/1280x80[REMOVED][http://]107.6.112.86/es/1366x76[REMOVED][http://]107.6.112.86/es/1440x90[REMOVED][http://]107.6.112.86/es/1600x90[REMOVED][http://]107.6.112.86/es/1680x105[REMOVED][http://]107.6.112.86/es/1920x108[REMOVED][http://]107.6.112.86/es/768x102[REMOVED][http://]107.6.112.86/es/default[REMOVED][http://]107.6.112.86/fr/1024x76[REMOVED][http://]107.6.112.86/fr/1152x86[REMOVED][http://]107.6.112.86/fr/1280x102[REMOVED][http://]107.6.112.86/fr/1280x80[REMOVED][http://]107.6.112.86/fr/1366x76[REMOVED][http://]107.6.112.86/fr/1440x90[REMOVED][http://]107.6.112.86/fr/1600x90[REMOVED][http://]107.6.112.86/fr/1680x105[REMOVED][http://]107.6.112.86/fr/1920x108[REMOVED][http://]107.6.112.86/fr/768x102[REMOVED][http://]107.6.112.86/fr/default[REMOVED][http://]107.6.112.86/it/1024x76[REMOVED][http://]107.6.112.86/it/1152x86[REMOVED][http://]107.6.112.86/it/1280x102[REMOVED][http://]107.6.112.86/it/1280x80[REMOVED][http://]107.6.112.86/it/1366x76[REMOVED][http://]107.6.112.86/it/1440x90[REMOVED][http://]107.6.112.86/it/1600x90[REMOVED][http://]107.6.112.86/it/1680x105[REMOVED][http://]107.6.112.86/it/1920x108[REMOVED][http://]107.6.112.86/it/768x102[REMOVED][http://]107.6.112.86/it/default[REMOVED][http://]107.6.112.86/pl/1024x76[REMOVED][http://]107.6.112.86/pl/1152x86[REMOVED][http://]107.6.112.86/pl/1280x102[REMOVED][http://]107.6.112.86/pl/1280x80[REMOVED][http://]107.6.112.86/pl/1366x76[REMOVED][http://]107.6.112.86/pl/1440x90[REMOVED][http://]107.6.112.86/pl/1600x90[REMOVED][http://]107.6.112.86/pl/1680x105[REMOVED][http://]107.6.112.86/pl/1920x108[REMOVED][http://]107.6.112.86/pl/768x102[REMOVED][http://]107.6.112.86/pl/default[REMOVED][http://]107.6.112.86/pt/1024x76[REMOVED][http://]107.6.112.86/pt/1152x86[REMOVED][http://]107.6.112.86/pt/1280x102[REMOVED][http://]107.6.112.86/pt/1280x80[REMOVED][http://]107.6.112.86/pt/1366x76[REMOVED][http://]107.6.112.86/pt/1440x90[REMOVED][http://]107.6.112.86/pt/1600x90[REMOVED][http://]107.6.112.86/pt/1680x105[REMOVED][http://]107.6.112.86/pt/1920x108[REMOVED][http://]107.6.112.86/pt/768x102[REMOVED][http://]107.6.112.86/pt/default[REMOVED][http://]93.115.93.16:9007/a[REMOVED][http://]93.115.93.16:9007/f[REMOVED][http://]93.115.93.16:9007/g[REMOVED]
Loading...