Threat Database Ransomware 3nCRY Ransomware

3nCRY Ransomware

By GoldSparrow in Ransomware

The 3nCRY Ransomware is an encryption ransomware Trojan released in early September 2017 that seems to have fallen off the radar of many PC security researchers. The 3nCRY Ransomware carries out a typical encryption ransomware Trojan attack, encrypting victims' files and then demanding the payment of a ransom. These threats only target the user-generated files, making the victim's data useless but keeping the files necessary for the Windows operating system remain intact. This allows them to deliver a ransom note to the victim and collect payments (which would not be possible if the entire victim's computer were rendered useless). PC security researchers strongly advise computer users to take precautions against the 3nCRY Ransomware and the countless encryption ransomware Trojans that are in activity currently.

How the 3nCRY Ransomware Infection Works

The 3nCRY Ransomware uses a strong encryption algorithm in its attack, making it nearly impossible to recover the files affected by a 3nCRY Ransomware infection. The 3nCRY Ransomware is unique among many other encryption ransomware Trojans in that it displays different versions of its ransom note, changing languages to ensure that victims in multiple geographical locations understand the nature of the attack. The 3nCRY Ransomware demands that the victims pay a large ransom of 0.5 Bitcoin to a particular Bitcoin wallet. Malware researchers strongly advise PC users to refrain from doing this. There is no reason to believe that the con artists are capable of knowing who has paid the ransom or they have the means to help victims recover from the 3nCRY Ransomware attack. The full text of the different versions of the 3nCRY Ransomware ransom note reads:

'Hello,
Your files are encrypted.
Pay 0.5 BTC (bitcoin)
Your files will be decrypted 48 hours after receipt of payment.
cordially
adresse: 1J853DwYBASNegyhLsZF1YkD7JzGnJ1U2J
--------------------------------------------------------------
Hola,
Sus archivos están encriptados.
Pague 0.5 BTC (bitcoin)
Sus archivos serán descifrados 48 horas después del recibo del pago.
cordialment
eAdresse: 1J853DwYBASNegyhLsZF1YkD7JzGnJ1U2J
--------------------------------------------------------------
Olá,
Seus arquivos estão criptografados.
Pagando 0.5 BTC (bitcoin)
Seus arquivos serão descriptografados 48 horas após o recebimento do pagamento.
Cordialmente
Adresse: 1J853DwYBASNegyhLsZF1YkD7JzGnJ1U2J
--------------------------------------------------------------
你好,
您的文件已加密。
支付0.5 BTC(比特币)
您的文件将在收到付款后48小时解密。
亲切
地址:1J853DwYBASNegyhLsZF1YkD7JzGnJ1U2J
--------------------------------------------------------------
Здравствуйте,
Ваши файлы зашифрованы.
Оплатить 0.5 BTC (биткойн)
Ваши файлы будут расшифрованы через 48 часов после получения оплаты.
сердечно
адресуют: 1J853DwYBASNegyhLsZF1YkD7JzGnJ1U2J'

How the 3nCRY Ransomware may be Distributed

Trojans like the 3nCRY Ransomware may be distributed in several ways. PC security researchers have observed some methods that are being used to distribute threats like the 3nCRY Ransomware:

  1. Trojans like the 3nCRY Ransomware will try to reach their victims through spam email attachments or embedded links. Victims will receive an email message that prompts them to click on a link or download an attached file, which may arrive through the use of convincing social engineering techniques. Following the instructions downloads the 3nCRY Ransomware infection onto the victim's computer.
  2. Con artists also can install the 3nCRY Ransomware directly on victims' computers. One common method of gaining access to victim's computers is to take advantage of unsecured RDP (Remote Desktop Protocol) connections, weak passwords or other precarious security to gain access to a PC and install the 3nCRY Ransomware or other threats.
  3. The 3nCRY Ransomware can be distributed by other methods, which include corrupted websites that use exploit kits to install the 3nCRY Ransomware on the visitors' computers, as well as fake downloads and corrupted advertisements.

You should protect your computer against ransomware like the 3nCRY Ransomware. The best way to do this is to have backup copies of your files in a place that a threat can't have access. Having backups gives computer users to recover their files quickly, undoing the 3nCRY Ransomware tactic.

Trending

Most Viewed

Loading...