
Ecovector Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 39
First Seen: June 1, 2016
OS(es) Affected: Windows

The Ecovector Ransomware is a variant of the Mahasaraswati Ransomware, a threat that uses email addresses located in India and colorful ransom notes with short text content, and that often mentions climate change or other supposed social issues. The Ecovector Ransomware belongs to a family of malware known as CryptoEncoder. The Ecovector Ransomware encrypts the victim's files and renames them to include its contact email address and a hexadecimal identifier. According to the Ecovector Ransomware ransom note, victims must contact the people responsible for the Ecovector Ransomware infection via email to receive further information.

How the Ecovector Ransomware may Attack Your Computer

Like most ransomware infections, the Ecovector Ransomware is delivered as a corrupted executable file through typical malware delivery methods (most likely through spam email attachments or embedded links). Once the Ecovector Ransomware has entered a computer, it does three things:

  1. The Ecovector Ransomware connects to its Command and Control server to obtain configuration settings and to send information about the infected computer and the encryption data.
  2. The Ecovector Ransomware changes Windows' settings to ensure that it runs whenever the computer user logs into Windows.
  3. The Ecovector Ransomware searches the victim's computer for common file types and begins encrypting these files.

Whenever the Ecovector Ransomware encrypts a file, it drops a text or HTML file in the directory where that file was located. The Ecovector Ransomware also changes the victim's Desktop image into a colorful image accompanied by a ransom note. The Ecovector Ransomware's ransom note files are named 'How to decrypt your files' and contain the following short sentence:

To decrypt your data write me to [email@india.com]

When computer users communicate with the email address associated with the Ecovector Ransomware, they receive a response similar to the message below:

Good morning, dear friend!
We are writing to inform you that our team of network security specialists has analyzed your system and has identified vulnerabilities in the protection.
We kindly draw your attention that defensive operation on your computer is not running properly and now the whole database is at risk.
All your files are encrypted and can not be accepted back without our professional help.
Obviously vulnerability analysis, troubleshooting, decoding the information and then ensuring safety are not a simple matter.
And so our high-grade and quick service is not free.
Please note that today the price of your files recovery is 3 Bitcoins, but next day it will cost 5 Bitcoins.
You should buy bitcoins here https://localbitcoins.com/faq
Read the paragraphs:
1. How to buy Bitcoins?
2. How do I send Bitcoins and how can I pay with Bitcoins after buying them?
The Bitcoin wallet for payment is 1DGMeKSALSkYGkedYDUgcvV8mP77WEGusQ
After the transfer of bitcoins please send email with screenshot of the payment page.
We does not advise you to lose time, because the price will encrese with each passing day.
As proof of our desire and readiness to help you, we can decipher a few of your files for test.
To check this you can upload any encrypted file on web site dropmefiles.com, size no more than 10 MB (only text file or a photo) and send us a download link.
Certainly after payment we guarantee prompt solution of the problem, decrypt the database to return to its former condition and consultation how to secure the rules of the system safety.
Kind regards

Preventing the Ecovector Ransomware Infections

The best way to deal with the Ecovector Ransomware is to prevent the attack from happening in the first place. Once the Ecovector Ransomware finishes encrypting the files, it is not possible to decrypt them without access to the decryption key. Because of this, the best protection against the Ecovector Ransomware is to ensure that you have a backup of all files on an external device or the cloud. This way, computer users can recover from an Ecovector Ransomware attack by removing the Ecovector Ransomware with a reliable security program and then restoring the encrypted files from the backup. If this becomes a regular practice among computer users, con artists will no longer be able to profit from the Ecovector Ransomware attacks.


File System Details

Ecovector Ransomware may create the following file(s):

| # | File Name | MD5 | Detections |
|---|---------------|----------------------------------|----|
| 1 | Payload.exe | acb91ba1a61ab43a42868fb9cb331c4f | 19 |
| 2 | Payload_c.exe | 6ce6720da160f69da10a21354251395f | 11 |
| 3 | Payload_c.exe | 1feda78b4c195ca7e395038ff43e455e | 3 |
| 4 | Payload.exe | ceadf0c597ef1106b52b55506f873d2d | 1 |
| 5 | Payload.exe | 761f403838bbfd6d683f166636b2ce66 | 1 |
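
The indicators described on this page (the ransom note file name, the contact address added to renamed files, and the payload MD5 values above) can be combined into a triage scan of a directory tree. This is an added example, not part of the original entry or any vendor tool. The function names, the size cap, and the assumption that the address appears literally in the file name under the india.com domain shown in the note are illustrative.

```python
import hashlib
import os
import re

# MD5 values from the "File System Details" table on this page.
PAYLOAD_MD5 = {
    "acb91ba1a61ab43a42868fb9cb331c4f",
    "6ce6720da160f69da10a21354251395f",
    "1feda78b4c195ca7e395038ff43e455e",
    "ceadf0c597ef1106b52b55506f873d2d",
    "761f403838bbfd6d683f166636b2ce66",
}
NOTE_STEM = "how to decrypt your files"  # ransom note name given on this page
NOTE_EXTS = {"", ".txt", ".html", ".htm"}  # page says "a text or HTML file"
# Assumption: the contact address appears literally somewhere in the new name.
EMAIL_IN_NAME = re.compile(r"[\w.+-]+@india\.com", re.IGNORECASE)
MAX_HASH_BYTES = 50 * 1024 * 1024  # assumed cap so very large files are not hashed


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root, known_md5=PAYLOAD_MD5):
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name.lower())
            if stem == NOTE_STEM and ext in NOTE_EXTS:
                findings.append(("ransom_note", path))
            elif EMAIL_IN_NAME.search(name):
                findings.append(("renamed_file", path))
            try:
                if os.path.getsize(path) <= MAX_HASH_BYTES and md5_of(path) in known_md5:
                    findings.append(("known_payload", path))
            except OSError:
                continue  # locked or unreadable file; skip it
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for kind, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind}\t{path}")
```

A `ransom_note` or `renamed_file` hit shows where encryption reached, which helps decide which directories to restore from backup; a `known_payload` hit points at the executable to remove.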
