Evasive – another malware based on open source ransomware project

Evasive is a file-encrypting virus that is written based on the HiddenTear[1] code. The virus uses AES cryptography to corrupt data on the targeted computer and appends .locked file extension. Following successful encryption procedure, malware drops a ransom note in READ_ME.txt file where crooks ask to contact them via email.
Evasive ransomware targets the most popular file types in order to cause more damage to the victim and make him or her to pay the ransom. The virus is known to corrupt these types of files:
.aspx, .cpp, .csv, .doc, .docx, .h, .html, .jpg, .jsp, .lnk, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .pst, .rar, .sql, .txt, .xls, .xlsx, .xml, .zip.
In the text file, authors of the Evasive virus tell victims to contact them via getkeys@tutanota.com within 12 hours since the attack. They also give a backup email (weknownit@mail2tor.com) if something goes wrong with the primary one. Additionally, criminals warn that the decryption key is available only for 48 hours.
However, it might be just a psychological terror and attempts to scare the victim into paying the ransom. Security experts from SemVirus.pt[2] suggest staying calm and do not rush into following hackers’ demands. They will ask to pay some Bitcoins, but they may never give you a working decryption software. Thus, it’s better to remove Evasive and try alternative recovery methods.
The malicious program makes numerous changes to the system. For this reason, it’s not recommended to eliminate crypto-virus manually. You should opt for the automatic Evasive removal method which requires scanning the system with FortectIntego or similar malware removal tools.
However, if ransomware prevents you from installing or using security software, reboot to Safe Mode with Networking or try System Restore methods (explanation below) to disable Evasive and run its automatic elimination.

Distribution techniques of the crypto-malware
The virus is most likely to enter the system when a user opens a malicious email attachment. Malware payload might be presented as a safe looking Word, PDF or another file. However, you should always look up for the signs of phishing email[3] instead of rushing to open the attachment.
Additionally, Evasive might infiltrate with the help of:
- malicious ads;
- bogus downloads;
- fake updates;
- exploit kits.
Keep in mind that even the strongest antivirus cannot protect you fully from the cyber attack. You have to watch your clicks and downloads in order not to be misled by dangerous content.
The correct way to eliminate Evasive from the computer
We want to stress out that only powerful security programs can safely and effectively remove Evasive from the computer. The malicious program is capable of injecting malicious code into legit system processes and install numerous harmful components that are hard to detect manually.
Only experienced IT specialists can wipe out malware from the device without causing the damage. However, home computer users do not need to bring their laptops or PCs to the nearest specialist. It’s enough to install reputable malware removal tool and get rid of the virus with it.
We recommend FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes for Evasive removal. Of course, you can choose your preferred tool as well. However, if you have problems with its installation or system scan, check the guide below.
Was this guide helpful?
Be the first to comment