EnkripsiPC Ransomware
Posted: December 21, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 72 |
| First Seen: | December 21, 2016 |
| Last Seen: | May 12, 2020 |
| OS(es) Affected: | Windows |
The EnkripsiPC Ransomware is a Trojan that locks the files on your PC and uses a pop-up to ask you to contact its threat actors on how to pay to unlock them. Since these ransom payments often, if not necessarily always, backfire on their victims, malware experts encourage using other recovery strategies that don't give con artists a financial incentive for their attacks. Active anti-malware products with recently updated databases should find and delete the EnkripsiPC Ransomware before this Trojan can lock any content.
How to Do Social Networking with Con Artists
File-encoding Trojans that create profit by selling their victims' data back to them are a well-known phenomenon, but different threat actors may make use of them in slightly different ways. The installation method, the ransom currency, the types of files to attack, the nature of the data encryption, and even the communication method all are details malware experts see rotating through different strategies. The EnkripsiPC Ransomware, as an example, is one of the few Trojans of this type including social networking-based contact options.
The EnkripsiPC Ransomware is a member of a small family of Trojans known as the DetoxCrypto Ransomware, with this new release targeting Indonesians. After it installs itself, the EnkripsiPC Ransomware encrypts specific file formats with an AES-based algorithm and appends the '.fucked' extension to all their filenames, blocking them. Then, it loads an HTA pop-up, during which it also may play an accompanying audio warning or lock you out of accessing the Windows desktop.
The EnkripsiPC Ransomware's Indonesian-language pop-up asks for payment in Indonesian rupiahs (equivalent to over seven hundred USD, minimum) before giving you the decryption code, which is custom according to the name of each infected PC. The contact methods in use for paying this ransom are ones malware experts would associate with an amateur operation: Gmail e-mail, YouTube, and even Facebook accounts. Its threat actor most likely is including multiple, redundant lines of communication to compensate for the authorities terminating each account as it's connected with illicit activity.
Keeping a Vulgar Extension Off Your Data
Besides blocking data like documents or pictures, the EnkripsiPC Ransomware also may auto-terminate essential security applications or take extra steps for guaranteeing its persistence on the system. Past campaigns by this family also have been known to use a high level of social engineering tactics, both for installing themselves and misrepresenting the nature of their payloads. Using complicated, regularly changed passwords to protect network-accessible PCs and scanning anything downloaded before opening it are two of the most relevant ways of protecting yourself from this threat.
Thanks to a third-party security researcher, the EnkripsiPC Ransomware does have a free decryptor that victims may wish to use for recovering any encrypted content without making any ransom payments. Before doing so, use appropriate anti-malware products for detecting and uninstalling the EnkripsiPC Ransomware, which is likely to use one or more components with misleading names (such as those of a Windows service). Readers also should note that, as usual, the presence or absence of the EnkripsiPC Ransomware's custom extension tag doesn't impact the encryption that's locking your files either positively or negatively.
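Because the extension tag says nothing about whether a file's contents are still encrypted, an inventory taken before running a decryptor should not rely on the filename alone. The following is an added example, not code from this page or from any vendor tool: it lists files carrying the '.fucked' tag together with their original names, and separately flags untagged files whose contents look encrypted. The entropy threshold, sample size, and demo file names are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

MARKER_EXT = ".fucked"       # extension the page says is appended
ENTROPY_THRESHOLD = 7.0      # assumed cutoff in bits per byte; tune locally
SAMPLE_BYTES = 64 * 1024     # assumed: only the file head is sampled

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(root: str) -> dict:
    """Return {'marked': [(path, original_name)], 'suspect': [path]}."""
    report = {"marked": [], "suspect": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort
            if name.lower().endswith(MARKER_EXT):
                report["marked"].append((path, name[: -len(MARKER_EXT)]))
            elif len(sample) >= 256 and shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                report["suspect"].append(path)  # tag removed, content still random
    return report

def build_demo_tree() -> str:
    """Constructed sample data: harmless files that mimic the naming pattern."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    samples = {
        "report.docx.fucked": os.urandom(4096),  # tagged file
        "photo.jpg": os.urandom(4096),           # tag renamed away by hand
        "notes.txt": b"plain text notes\n" * 200,
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    print(triage(build_demo_tree()))
```

Compressed formats such as ZIP archives or real JPEG images are also high-entropy, so the 'suspect' list is a set of files to check by hand, not a verdict.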
Families of threats like the DetoxCrypto Ransomware continue benefiting from the rental-based business models that let threat actors deploy them in numerous, flexible ways. Whenever new versions of these old threats appear, like the EnkripsiPC Ransomware, they're strong reminders that threatening software is a constantly evolving and adapting problem for virtually any PC that has contact with other ones.