Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Oct 2020

How to remove _encrypted ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Gabriel E. Hall · Passionate web researcher

_encrypted ransomware – cryptovirus with specified ransom amount

_encrypted ransomware

_encrypted virus was detected on October 26th. Usually, ransomware get their names from the appended extensions, such as Alvin, AnonymouS, etc. This particular ransomware doesn't have a specific name that shows that it's an experimental sample.

Furthermore, in the ransom note (README_encrypted.txt), there are no contact details, only a definitive amount ought to be paid – $1,000. The whole ransom note is written in English but is very short and uninformative (see below this paragraph). And the name of the downloadable file isn't cryptic at all – ransomware32.exe, ransomware32.bin.exe.

Although this ransomware might be just a sample of what's to come, it still encrypts[1] user data. After infection, files would be appended with an extension “_encrypted” and would become inaccessible.

All other files are safe, but it's strongly recommended to delete the virus along with all its malicious files immediately before it does any more harm. To completely remove _encrypted virus from your device, use SpyHunterCombo Cleaner, MalwarebytesMalwarebytes or any other trustworthy and reliable software like this. 

NAME _encrypted virus, _encrypted ransomware
TYPE Malware, ransomware, cryptovirus
EXTENSION _encryped
FILE NAME

ransomware32.exe, ransomware32.bin.exe

RANSOM NOTE Appears in a newly created file README_encrypted.txt on users' folder.
RANSOM AMOUNT 1000 USD dollars is the asking price for decryption tool/key
CONTACT EMAIL Contact email isn't provided
DISTRIBUTION Torrent websites, file sharing platforms, spam email
REMOVAL Although this malware might be just a sample, it is highly recommended to immediately remove _encrypted virus from your device using SpyHunterCombo Cleaner or MalwarebytesMalwarebytes anti-malware software
SYSTEM FIX Like all malware, this ransomware might have done some damage to users' system files. To restore your system to it's normal state use FortectIntego tool

If victims of _encrypted virus didn't keep backups of data in the users' folder, if possible, transfer all the affected files to an empty USB drive and wait for a decoding key to be released by third parties. In the future, remember always to keep backups of all your sensitive information on at least two separate devices.

According to VirusTotal,[2] 40 of 69 antivirus engines have detected the incoming threat and prevented system infection. This emphasizes the importance of trustworthy, powerful anti-malware software. Examples of names _encrypted virus was caught by (as evident, most of security tools detected the sample by using heuristic[3] method, which is not unusual for new malware samples):

  • Trojan.GenericKD.34934946
  • W32.Trojan.Gen
  • Ransom.MetadataBin
  • Ransom:Win32/FileCoder.AB!MTB
  • Trojan.Win32.Udochka.ae
  • Win32:Malware-gen, etc.

 Enclosed ransom demand message in the README_encrypted.txt file:

ATTENTION!!! ALL YOUR FILES HAVE BEEN ENCRYPTED

YOU HAVE TO PAY $1000 DOLLARS TO UNLOCK YOUR FILES.

PLEASE CONTACT .onion using Tor Browser.

Make sure to provide the metadata.bin file that you can find in your user folder.

_encrypted ransomware virus

Malware evasion methods

There are various ways to catch malware on the internet. The most frequent distribution methods are file-sharing platforms, spam emails, and torrent sites, to name a few. People may never know what other users really uploaded to a torrent site or a file-sharing forum and what their intentions might be, e.g., an infection might start after a download of an innocent-looking game cheat code file or some illegal activation code, popularly knows as “crack”. To avoid becoming victims of cybercrimes, downloads of necessary apps and their updates should only be done via their developer, thus official, websites/apps.

Devices could end up with ransomware after opening malicious files from emails sent by mischievous perpetrators. Email users should always be attentive to emails their opening and what attachments they are downloading. To be safe, it's recommended to scan email attachments prior to downloading/viewing them with a dependable anti-malware software. And remember to always keep backups of essential data in separate devices, servers.

_encrypted files virus

Ransomware removal guide

The ransomware removal process should be trusted to professionals as it is proven to be a lengthy and tough task to do manually. To remove _encoded virus, before it has done more damage, use SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. These trustworthy apps will not only eliminate the virus automatically but also prevent your devices from infections in the future by immediately detecting it and isolating the infectious files before they can cause any harm.

Malware such as _encrypted virus is able not only to encrypt the files of your device but also to modify system files. These altercations might cause your computer system to exhibit awkward behavior. To restore your system, use FortectIntego or similar dependable software.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.