Ecovector Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 39
First Seen: June 1, 2016
OS(es) Affected: Windows
The Ecovector Ransomware is a variant of the Mahasaraswati Ransomware, a threat that uses email addresses located in India and colorful ransom notes with short text content, and that often mentions climate change or other supposed social issues. The Ecovector Ransomware belongs to a family of malware known as CryptoEncoder. The Ecovector Ransomware encrypts the victim's files and renames them to include its contact email address and a hexadecimal identifier. According to the Ecovector Ransomware ransom note, victims must contact the people responsible for the Ecovector Ransomware infection via email to receive further information.
How the Ecovector Ransomware may Attack Your Computer
Like most ransomware infections, the Ecovector Ransomware is delivered as a corrupted executable file through typical malware delivery methods (most likely through spam email attachments or embedded links). Once the Ecovector Ransomware has entered a computer, it does three things:
- The Ecovector Ransomware connects to its Command and Control server to obtain configuration settings and to send information about the infected computer and the encryption data.
- The Ecovector Ransomware changes Windows' settings to ensure that it runs whenever the computer user logs into Windows.
- The Ecovector Ransomware searches the victim's computer for common file types and begins encrypting these files.
Whenever the Ecovector Ransomware encrypts a file, it drops a text or HTML file in the directory where that file was located. The Ecovector Ransomware also changes the victim's Desktop image into a colorful image accompanied by a ransom note. The Ecovector Ransomware's ransom note files are named 'How to decrypt your files' and contain the following short sentence:
To decrypt your data write me to [email@india.com]
When computer users communicate with the email address associated with the Ecovector Ransomware, they receive a response similar to the message below:
Good morning, dear friend!
We are writing to inform you that our team of network security specialists has analyzed your system and has identified vulnerabilities in the protection.
We kindly draw your attention that defensive operation on your computer is not running properly and now the whole database is at risk.
All your files are encrypted and can not be accepted back without our professional help.
Obviously vulnerability analysis, troubleshooting, decoding the information and then ensuring safety are not a simple matter.
And so our high-grade and quick service is not free.
Please note that today the price of your files recovery is 3 Bitcoins, but next day it will cost 5 Bitcoins.
You should buy bitcoins here https://localbitcoins.com/faq
Read the paragraphs:
1. How to buy Bitcoins?
2. How do I send Bitcoins and how can I pay with Bitcoins after buying them?
The Bitcoin wallet for payment is 1DGMeKSALSkYGkedYDUgcvV8mP77WEGusQ
After the transfer of bitcoins please send email with screenshot of the payment page.
We does not advise you to lose time, because the price will encrese with each passing day.
As proof of our desire and readiness to help you, we can decipher a few of your files for test.
To check this you can upload any encrypted file on web site dropmefiles.com, size no more than 10 MB (only text file or a photo) and send us a download link.
Certainly after payment we guarantee prompt solution of the problem, decrypt the database to return to its former condition and consultation how to secure the rules of the system safety.
Kind regards
Preventing the Ecovector Ransomware Infections
The best way to deal with the Ecovector Ransomware is to prevent the attack from happening in the first place. Once the Ecovector Ransomware has finished encrypting files, they cannot be decrypted without access to the decryption key. Because of this, the best protection against the Ecovector Ransomware is to keep a backup of all files on an external device or in the cloud. With a backup, computer users can recover from an Ecovector Ransomware attack by removing the Ecovector Ransomware with a reliable security program and then restoring the encrypted files from the backup. If this becomes a regular practice among computer users, con artists will no longer be able to profit from Ecovector Ransomware attacks.
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.

# | File Name | MD5 | Detections |
---|---|---|---|
1. | Payload.exe | acb91ba1a61ab43a42868fb9cb331c4f | 19 |
2. | Payload_c.exe | 6ce6720da160f69da10a21354251395f | 11 |
3. | Payload_c.exe | 1feda78b4c195ca7e395038ff43e455e | 3 |
4. | Payload.exe | ceadf0c597ef1106b52b55506f873d2d | 1 |
5. | Payload.exe | 761f403838bbfd6d683f166636b2ce66 | 1 |
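
A triage sweep for the indicators listed on this page, as an added example (not EnigmaSoft's or SpyHunter's code): it flags ransom notes by the name given above, executables whose MD5 appears in the File System Details table, and renamed files. The rename pattern (any email address plus a hex run of six or more characters) is an assumption, because the page does not give the exact layout; `sweep` and `md5_of` are hypothetical names.

```python
import hashlib
import re
import sys
from pathlib import Path

# MD5 values copied from the File System Details table on this page.
PAGE_MD5 = {
    "acb91ba1a61ab43a42868fb9cb331c4f", "6ce6720da160f69da10a21354251395f",
    "1feda78b4c195ca7e395038ff43e455e", "ceadf0c597ef1106b52b55506f873d2d",
    "761f403838bbfd6d683f166636b2ce66",
}
NOTE_STEM = "how to decrypt your files"   # ransom note name given on the page
NOTE_EXTS = {".txt", ".html", ".htm"}     # "text or HTML file"
# Assumed layout: the page only says the new name includes an email address
# and a hexadecimal identifier, so this heuristic looks for both anywhere.
EMAIL = re.compile(r"[\w.+-]+@[A-Za-z0-9-]+\.[A-Za-z]{2,}")
HEX_ID = re.compile(r"(?<![0-9A-Za-z])[0-9A-Fa-f]{6,}(?![0-9A-Za-z])")

def md5_of(path, chunk=1 << 20):
    """Stream the file so large executables are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(root, known_md5=PAGE_MD5):
    """Return sorted (indicator, path) pairs for files under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.stem.lower() == NOTE_STEM and path.suffix.lower() in NOTE_EXTS:
            hits.append(("ransom_note", str(path)))
        elif EMAIL.search(path.name) and HEX_ID.search(path.name):
            hits.append(("renamed_file", str(path)))  # heuristic, review by hand
        elif path.suffix.lower() == ".exe":
            try:
                if md5_of(path) in known_md5:
                    hits.append(("known_payload", str(path)))
            except OSError:
                pass  # locked or unreadable file: skip it and keep sweeping
    return sorted(hits)

if __name__ == "__main__":
    for kind, hit in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind}\t{hit}")
```

A `renamed_file` hit only means the name fits the assumed pattern; confirm against a ransom note in the same directory before treating the file as encrypted.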