Enc1 ransomware is a cryptovirus that uses the AES algorithm to encode your data

Enc1 ransomware — a virus that encrypts files to request a ransom for the alleged data recovery. During the encryption process, cryptovirus changes the original code of such files as photos, videos or audio files. However, documents and even databases can also be encrypted. Then, it adds _enc1 file extension to every encrypted data, for example, xxxx.jpg becomes xxxx.jpg_enc1 and cannot be opened. The file appendix reminds a different cyber threat – MOTD ransomware, but there are not enough similarities to state that Enc1 ransomware is yet another version of another cryptovirus. When the encryption process is done, the victim gets a ransom note in a file called decrypt_<10characters>.txt. The ransom message provides a unique identification key, a contact email alongside the instructions on how to pay. Ransomware-type threats demand payments in chosen cryptocurrency and focus on getting money from the victim.
| Name | Enc1 ransomware |
|---|---|
| Type | Cryptovirus |
| File marker | _enc1 |
| Contact email | zazakuku@protonmail.com |
| Encryption method | AES algorithm |
| A pattern of the ransom note | decrypt_.txt |
| Elimination | Use trustworthy anti-malware for Enc1 ransomware removal and clean the system using FortectIntego |
Enc1 ransomware virus was discovered on the first half on January 2019 and researchers haven't found much information about it. However, like many other ransomware-type threats, this one has a few distinct features because it can:
- encrypt your files;
- alter registry entries;
- disable or launch programs;
- manipulate system processes;
- install additional files or programs.
There are a few changes this Enc1 ransomware can make on the system without your permission, but the most dangerous one is the file-locking.[1] For the encryption this threat employs the AES encryption algorithm that helps to change the original code of a file.
After the Enc1 ransomware encryption files get _enc1 file marker, hence the name of the threat. However, the more significant danger is when the ransom note gets placed on the screen. In the file named with random characters, virus developers ask for a ransom that most likely depends on the number of files that need to be recovered or the time you've waited before contacting criminals.
Enc1 ransomware ransom message is generated in the decrypt_.txt file which reads the following:
Ooops. your important files are encrypted.
If you see this text, then your files are no longer accessible,
because they
have been encrypted.Perhaps you are busy looking for a way to recover your
files, but don’t waste your time. Nobody can recover your files without our
decryption service.
We guarantee that you can recover all your files safely and easily.All you
need to do is submit the payment and purchase the decryption key.
Do not try to recover your files on your own or with someone else,
because after the intervention you can remain without your data forever.
Please follow the instructions :
1.Contact us at e-mail: zazakuku@protonmail.com
or bitmessage: BM-2cVs4XGzzFtA7wiM6TPDnohTKh47vvCS1k
2.Get your KEY and IV
3.Have a Nice Day
Key: tWEY8zHJabpyNapKGHcFR***A6zDo=
IV: 67+TjI1EikzpMpONPOI8Og==
You shouldn't consider paying the ransom for the locked files. Remove Enc1 ransomware and restore files from a backup instead. You can only do so on a malware-free device because ransomware can encrypt your data again if not eliminated correctly.
You should focus on Enc1 ransomware removal and clean the computer further using FortectIntego or another PC repair tool. This way you can eliminate any virus damage and improve the performance of your machine. We also provide a few additional tips below the article to help with your malware termination.

Documents from suspicious emails come embedded with macros
Malicious programs like ransomware mostly get distributed via email spam because payload droppers can be sent in bulk and this way ransomware is distributed on a handful of machines at the time.[2] In most cases, these emails impersonate well-known companies or services to trick users into downloading the attached document.
Unfortunately, when the file gets installed on the system malicious executable can launch the necessary process and infiltrate the system with various malware. Researchers[3] always advise paying more attention to emails you get so you can avoid these infiltrations. You should delete emails you were not expecting and always scan the file before downloading on the computer.
Delete all files related to Enc1 ransomware virus
The vital step of Enc1 ransomware elimination is to double-check before anything else because deleting the main file might not be enough. You should employ professional anti-malware tools, so you can be sure that every related program is eliminated entirely.
Also, you need to remove Enc1 ransomware from the computer entirely before data recovery especially. If you plug in the external device containing your file backups when the device is not clean, you can lose your data permanently. Double-check after the initial virus termination to make sure.
Use FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes for the Enc1 ransomware removal or choose other anti-malware programs that are reputable and trustworthy. Make sure to get them from an official website or legitimate provider to avoid additional software bundles.
Was this guide helpful?
Be the first to comment