
EduCrypt Ransomware

Posted: June 28, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 77
First Seen: June 28, 2016
OS(es) Affected: Windows

The EduCrypt Ransomware is a Trojan that uses data encryption as a method of frightening and 'educating' its victims. Although current versions of the EduCrypt Ransomware don't ask for any cash payments, they do link to potentially untrustworthy decryption tools and otherwise conduct attacks that violate the integrity of your PC's data. PC owners dealing with this threat should use traditional anti-malware tools for deleting the EduCrypt Ransomware and recover their data by safe methods, instead of those recommended by threat developers.

The High Price of Threat Education

The motivations of the modern threat industry lean invariably towards profit at almost any cost, but the origins of threats like viruses are steeped in more capricious motives than greed. The EduCrypt Ransomware is a new Trojan that, in some ways, calls back to the 'simpler' time of programmers creating threats for mischief, rather than money. However, like many for-profit Trojans, it uses the Hidden Tear as the foundation of its code.

The EduCrypt Ransomware is a much-reduced variant of the Hidden Tear, and, unlike most file encrypting Trojans, uses a universal decryption key that applies to any infection. The EduCrypt Ransomware targets directories associated with the Windows user's profile, including Downloads and Documents, and only encrypts a limited range of formats (such as DOC, MP3, XLS and PPT). Encrypted files are identifiable with the appended '.locked' or '.isis' tag, although malware experts have seen no other evidence of political affiliations within this Trojan campaign.

Last of all, the EduCrypt Ransomware creates a text message informing the victim of the attack. Instead of requesting money, the EduCrypt Ransomware sends the victim on a 'scavenger hunt' for a second file that contains the universal decryption key (HDJ7D-HF54D-8DN7D) and links to a download of a possible decryption application. Malware experts don't encourage using this product, whose safety is unverified, especially since legitimate PC security entities already provide working decryptors for most Hidden Tear-based Trojans.

Getting a Passing Grade in Trojan Protection Class

The EduCrypt Ransomware's primary purpose appears to be fear-mongering or informing PC users in general about the potential dangers that the threat industry is capable of inflicting on an unprotected machine. On the other hand, the EduCrypt Ransomware still takes arbitrary actions that could damage your local data and links to downloads that could be Trojan horses for further attacks. At best, this threat is guilty of causing harm for the sake of preventing it, and should be assumed to be just as unsafe for your PC as any Trojan.

Use decryptors offered by reputable security organizations for decrypting any data as needed. In circumstances where decryption is less than practical, malware researchers also recommend backing up your information on a regular basis, thereby preventing a single attack from gaining long-term access to any irreplaceable files. In most file-encrypting attacks, local backups are more at risk of being deleted than backups stored in other locations, such as a cloud account's server.

All samples of the EduCrypt Ransomware to date have shown extremely limited capabilities, and this threat does appear to be a genuine attempt at causing a limited amount of damage for the sake of teaching a lesson. Your anti-malware programs should be able to remove the EduCrypt Ransomware without interference, although detecting its installers is a preferable option that can stop your local content from being encrypted at all.

Victims may also note that the decryptor the EduCrypt Ransomware offers is verifiably ineffective at decrypting any content with the '.isis' extension.
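For scoping recovery, the '.locked' and '.isis' markers and the profile folders described above can be turned into a file inventory. The following Python script is an added example, not code from the original page or from any security vendor; the folder list, the function names and the sample tree are constructed assumptions, and it assumes the marker follows the original file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Appended markers named on this page.
MARKERS = (".locked", ".isis")
# Profile folders the page names; the page says "including", so this list is
# an assumption and not exhaustive.
PROFILE_DIRS = ("Downloads", "Documents")


def classify(name):
    """Return (marker, original_extension) if the name carries a marker, else None."""
    lower = name.lower()
    for marker in MARKERS:
        if lower.endswith(marker) and len(lower) > len(marker):
            original = Path(name[: -len(marker)]).suffix.lower() or "(none)"
            return marker, original
    return None


def inventory(profile_root, subdirs=PROFILE_DIRS):
    """Walk the given profile folders and list files carrying a marker."""
    hits = []
    for sub in subdirs:
        for dirpath, _dirs, files in os.walk(Path(profile_root) / sub):
            for name in files:
                found = classify(name)
                if found:
                    hits.append((str(Path(dirpath) / name), *found))
    return sorted(hits)


def demo():
    """Build a constructed profile tree and count hits per (marker, original type)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Documents/report.doc.locked", "Documents/budget.xls.isis",
                    "Documents/notes.txt", "Downloads/song.mp3.locked",
                    "Downloads/sub/deck.PPT.isis", "Downloads/.locked"):
            path = Path(root) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return Counter((marker, ext) for _p, marker, ext in inventory(root))


if __name__ == "__main__":
    for (marker, ext), count in sorted(demo().items()):
        print(f"{marker:8} {ext:6} {count}")
```

Keeping the '.isis' hits in their own group shows which files have to come from backups or a reputable decryptor, since the offered tool does not handle them.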
