EnkripsiPC Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 1
First Seen: December 21, 2016
Last Seen: May 12, 2020
OS(es) Affected: Windows
The EnkripsiPC Ransomware was reported on forums dedicated to cyber security. It is an encryption Trojan that attacks users in Indonesia and neighboring countries in Southeast Asia. Judging by the message the malware leaves on infected computers, the EnkripsiPC Ransomware may be the work of God-fearing Muslims. Islam is adhered to by 40% of the population in Southeast Asia, and the EnkripsiPC Ransomware addresses its victims with traditional Arabic greetings while asking them to pay for the decryption key.
As-Salamu Alaykum or Peace onto You After You Pay the Ransom for the EnkripsiPC Ransomware
The EnkripsiPC Ransomware is delivered to users via corrupted documents attached to spam emails and uses several email addresses to facilitate payments. Researchers add that the EnkripsiPC Ransomware might use the code name IDRANSOMv3, which was spotted in its code. The developer of the IDRANSOMv3 (EnkripsiPC) Ransomware equipped the Trojan with a custom AES-256 cipher, which is used to encipher files securely. The EnkripsiPC Ransomware works similarly to many variants based on the Hidden Tear project, like the Runsomewere Ransomware and the WickedLocker Ransomware. The EnkripsiPC Ransomware can lock files on local drives and on removable media like USB drives and media players. Some security analysts suspect that the EnkripsiPC Ransomware might be based on the DetoxCrypto Ransomware, which served as the source for the Serpico Ransomware as well.
A Discomforting File Marker Is Placed on Encrypted Files
The IDRANSOMv3 Ransomware is designed to encode spreadsheets, presentations, images, audio, videos, PDFs and eBooks that are not larger than 50MB. Users will also notice that their files have the '.fucked' extension appended to the original file name. For example, 'NusaBay Menjangan 2016.jpeg' becomes 'NusaBay Menjangan 2016.jpeg.fucked', and you will be unable to open the photo. As stated above, the EnkripsiPC Ransomware is associated with several email addresses, and the list may be expanded when new versions of IDRANSOMv3 are discovered. Some of the email addresses linked to EnkripsiPC include:
- fulldoang@gmail.com
- mgfakhri@gmail.com
- muhlubaid69@gmail.com
Computer users may be asked to buy Bitcoin and transfer hundreds of dollars' worth to a wallet controlled by the team behind the EnkripsiPC Ransomware. Fortunately, the researcher Michael Gillespie managed to build a decryptor for the EnkripsiPC Ransomware, which you can find on Google and download for free. ESG experts remind users that threats like EnkripsiPC receive updates often, and the free decryption tool may fail to help users infected with a new strain of the EnkripsiPC Ransomware. It is best that you install a good backup manager and improve your cyber defenses with a trusted anti-spyware scanner: backups would ensure your data's survival, and a security scanner would alert you to potential threats that are downloaded to the PC. The note used by the EnkripsiPC Ransomware features the following message:
'Assalamualaikum Wr Wb
Kami telah Mengenkripsi semua file anda
alhasil file anda TIDAK BISA DIBUKA
dan semua file anda berekstensi .fucked
untuk mengembalikan semua file anda
silahkan bayar kepada kami agar kami
memberikan kode untuk mengembalikan
semua file anda
jika anda diam saja tidak melakukan apa apa
data anda tidak akan pemah bisa dibuka
sampai anda membayar kepada kami
itu saja sekiian dari kami
wassalamualaikum'
Translated into English:
'Peace be upon you, and Allah have mercy and blessings onto you
We have Encrypted all your files
consequently, your files CAN NOT OPEN
and all your files have the .fucked extension
to restore all your files
please send money to us so that we
provide the code to restore
all your files
if you are silent and do nothing
your data will never be decrypted
until you pay to us
that's all from us
peace be upon you'
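
An added example, not part of the original article or of any vendor tool: a Python triage script that inventories files carrying the '.fucked' marker described above and recovers each original name, so the scope of an incident can be matched against backups or the free decryptor. The function names and the `over_cap` flag are illustrative assumptions; the 50MB figure is the one given on this page.

```python
import os
from collections import Counter

MARKER = ".fucked"              # extension the page says is appended
SIZE_CAP = 50 * 1024 * 1024     # page: only files up to 50MB are encoded


def inventory(root, size_cap=SIZE_CAP):
    """Walk root and describe every file that carries the marker extension."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            # Case-insensitive match; skip a file named exactly like the marker.
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                size = None     # unreadable entry: still report it
            original = name[:-len(MARKER)]
            hits.append({
                "path": path,
                "original_name": original,
                "original_ext": os.path.splitext(original)[1].lower(),
                "size": size,
                # A size above the cap does not match the behaviour described
                # on the page and is worth a closer look (assumed heuristic).
                "over_cap": size is not None and size > size_cap,
            })
    return hits


def summarize(hits):
    """Count affected files per original extension, for scoping restores."""
    return Counter(h["original_ext"] for h in hits)


if __name__ == "__main__":
    import sys
    found = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for h in found:
        flag = "  [over 50MB cap]" if h["over_cap"] else ""
        print(f"{h['path']} -> {h['original_name']}{flag}")
    print(dict(summarize(found)))
```

Run it read-only against a mounted image or a copy of the affected volume; it only lists files and never renames or modifies them.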