Virus-encoder Ransomware

Posted: July 5, 2019

The Virus-encoder Ransomware is a file-locker Trojan without any confirmed family The Virus-encoder Ransomware can block your files with an encryption routine that runs automatically and attempts to profit from this attack by leaving behind a message with ransom instructions. You should back up any media content to other systems or devices whenever possible, and depend on anti-malware services for removing the Virus-encoder Ransomware at all times.

A Riddle for Readers: When is a Virus not a Virus?

Since each company in the cyber-security industry maintains its separate database and naming conventions, the labels that any specific threat acquires can be both numerous and, sometimes, confusing or misleading. In the case of the deceptively-titled the Virus-encoder Ransomware, it implies a somewhat inaccurate classification, although guessing at the fundamentals of its payload isn't hard. This Trojan – not a virus – is a file-locking program that 'talks' like a version o the GetCrypt Ransomware.

The Virus-encoder Ransomware's design doesn't include any code-injection into third-party files, like a proper virus, and neither is it a relative of other threats familiar to malware experts. It's a Windows program that locks, by way of encryption, files such as JPG pictures, Word DOCs, or Excel XLSX spreadsheets for keeping them as hostages. In the same directory as this media, the Trojan creates an HTML file with text that's a copy of the GetCrypt Ransomware's note – hence the case of mistaken identity.

The ransom note asks for contacting an e-mail address for buying the decryption key, and malware experts have no further information on the ransoming details, such as the use of cryptocurrencies or vouchers. Since the Virus-encoder Ransomware's attack against media has the possibility of being permanent, users should work around the hostage scenario by keeping backups of all files elsewhere. The ShadowVolume Copies and the Restore Points, also, may be available, in some cases.

The Dangers of a Trojan's Testing Ground

The combing through the Virus-encoder Ransomware's payload that malware analysts are doing is showing off multiple characteristics that imply its 'in-development' status. The Virus-encoder Ransomware blocks content in a 'test' directory and generates a visible file with its encryption codes. However, users still should consider it as being threatening since the encryption portion of its payload is working and capable of damaging documents and other media. Additionally, it also contacts addresses with a history of black hat software-related activities.

Overemphasizing the value and potency of a backup plan against any file-locking Trojan is nearly impossible. For other protective steps, users can lower their infection chances by disabling browser features like JavaScript and Flash, scanning all downloads before opening them, avoiding macro-based document content, and updating software – especially, Web server and document reader-related programs. Secure password management also is relevant to all network or site admins.

Many anti-malware services are identifying the Virus-encoder Ransomware generically or inaccurately. Update your anti-malware products before attempting any uninstalling of the Virus-encoder Ransomware, and consider using features like Safe Mode for negating any interference.

The Virus-encoder Ransomware's name and looks say things that aren't in-character for this straightforward threat. It's a new file-locking Trojan on the block, but like the older ones, it can't get its ransoms without the unwilling assistance of the victims.
threat. Then, you should preserve the encrypted files in case a decryptor is released in the future.