_encrypted ransomware – cryptovirus with specified ransom amount

_encrypted virus was detected on October 26th. Usually, ransomware get their names from the appended extensions, such as Alvin, AnonymouS, etc. This particular ransomware doesn't have a specific name that shows that it's an experimental sample.
Furthermore, in the ransom note (README_encrypted.txt), there are no contact details, only a definitive amount ought to be paid – $1,000. The whole ransom note is written in English but is very short and uninformative (see below this paragraph). And the name of the downloadable file isn't cryptic at all – ransomware32.exe, ransomware32.bin.exe.
Although this ransomware might be just a sample of what's to come, it still encrypts[1] user data. After infection, files would be appended with an extension “_encrypted” and would become inaccessible.
All other files are safe, but it's strongly recommended to delete the virus along with all its malicious files immediately before it does any more harm. To completely remove _encrypted virus from your device, use SpyHunterCombo Cleaner, MalwarebytesMalwarebytes or any other trustworthy and reliable software like this.
| NAME | _encrypted virus, _encrypted ransomware |
| TYPE | Malware, ransomware, cryptovirus |
| EXTENSION | _encryped |
| FILE NAME |
ransomware32.exe, ransomware32.bin.exe |
| RANSOM NOTE | Appears in a newly created file README_encrypted.txt on users' folder. |
| RANSOM AMOUNT | 1000 USD dollars is the asking price for decryption tool/key |
| CONTACT EMAIL | Contact email isn't provided |
| DISTRIBUTION | Torrent websites, file sharing platforms, spam email |
| REMOVAL | Although this malware might be just a sample, it is highly recommended to immediately remove _encrypted virus from your device using SpyHunterCombo Cleaner or MalwarebytesMalwarebytes anti-malware software |
| SYSTEM FIX | Like all malware, this ransomware might have done some damage to users' system files. To restore your system to it's normal state use FortectIntego tool |
If victims of _encrypted virus didn't keep backups of data in the users' folder, if possible, transfer all the affected files to an empty USB drive and wait for a decoding key to be released by third parties. In the future, remember always to keep backups of all your sensitive information on at least two separate devices.
According to VirusTotal,[2] 40 of 69 antivirus engines have detected the incoming threat and prevented system infection. This emphasizes the importance of trustworthy, powerful anti-malware software. Examples of names _encrypted virus was caught by (as evident, most of security tools detected the sample by using heuristic[3] method, which is not unusual for new malware samples):
- Trojan.GenericKD.34934946
- W32.Trojan.Gen
- Ransom.MetadataBin
- Ransom:Win32/FileCoder.AB!MTB
- Trojan.Win32.Udochka.ae
- Win32:Malware-gen, etc.
Enclosed ransom demand message in the README_encrypted.txt file:
ATTENTION!!! ALL YOUR FILES HAVE BEEN ENCRYPTED
YOU HAVE TO PAY $1000 DOLLARS TO UNLOCK YOUR FILES.
PLEASE CONTACT .onion using Tor Browser.
Make sure to provide the metadata.bin file that you can find in your user folder.

Malware evasion methods
There are various ways to catch malware on the internet. The most frequent distribution methods are file-sharing platforms, spam emails, and torrent sites, to name a few. People may never know what other users really uploaded to a torrent site or a file-sharing forum and what their intentions might be, e.g., an infection might start after a download of an innocent-looking game cheat code file or some illegal activation code, popularly knows as “crack”. To avoid becoming victims of cybercrimes, downloads of necessary apps and their updates should only be done via their developer, thus official, websites/apps.
Devices could end up with ransomware after opening malicious files from emails sent by mischievous perpetrators. Email users should always be attentive to emails their opening and what attachments they are downloading. To be safe, it's recommended to scan email attachments prior to downloading/viewing them with a dependable anti-malware software. And remember to always keep backups of essential data in separate devices, servers.

Ransomware removal guide
The ransomware removal process should be trusted to professionals as it is proven to be a lengthy and tough task to do manually. To remove _encoded virus, before it has done more damage, use SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. These trustworthy apps will not only eliminate the virus automatically but also prevent your devices from infections in the future by immediately detecting it and isolating the infectious files before they can cause any harm.
Malware such as _encrypted virus is able not only to encrypt the files of your device but also to modify system files. These altercations might cause your computer system to exhibit awkward behavior. To restore your system, use FortectIntego or similar dependable software.
Was this guide helpful?
Be the first to comment