
Empty Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 16
First Seen: August 25, 2017
Last Seen: September 5, 2019
OS(es) Affected: Windows

The Empty Ransomware is an encryption ransomware Trojan first observed on August 25, 2017. The Empty Ransomware (like most encryption ransomware Trojans) is designed to take the victims' PCs hostage to demand a ransom payment. To do this, the Empty Ransomware will encrypt the victim's files, holding them hostage until the victim pays a ransom in exchange for the decryption key or software. This is a common tactic that increased dramatically in popularity through 2017. Take precautions to ensure that your data is protected against tactics like the Empty Ransomware.

A Brief Analysis of the Empty Ransomware Trojan

The Empty Ransomware is a variant of CryptoMix, a ransomware Trojan that PC security researchers had already observed in 2017. Several other encryption ransomware Trojans released in 2017 are variants of this same ransomware family. The Empty Ransomware may be delivered using spam email messages. These spam emails contain Microsoft Word attachments whose macros, once enabled, download and install the Empty Ransomware onto the victim's computer. Once the Empty Ransomware has encrypted a file, it renames it by adding the file extension '.empty' to the end of the affected file's name. The encrypted files are inaccessible without the decryption software or key.

How the Empty Ransomware Attack Works

The main purpose of the Empty Ransomware is to encrypt numerous file types, including texts, photos, presentations, music, video, audio, databases, spreadsheets, configuration files, and numerous other user-generated files. The Empty Ransomware will encrypt only the targeted files, leaving untouched the files necessary for the Windows OS to operate normally. This is done so that victims can read a ransom note and carry out a ransom payment to recover their files. In its attack, the Empty Ransomware uses a combination of AES and RSA encryption, which are strong encryption algorithms that make it nearly impossible to recover files encrypted by the attack. Once the Empty Ransomware has encrypted a victim's files, these files become unrecoverable and might as well have been deleted. This is because it is very unlikely that, in the end, the con artists will deliver the decryption key necessary to recover the affected files, even if the ransom is paid.

The Empty Ransomware’s Ransom Demands

After encrypting the victim's files, the next step in these tactics is to let the victim know of the attack and demand a ransom payment. To do this, the Empty Ransomware drops a text file on the infected PC's desktop. This text file is named '_HELP_INSTRUCTION.txt' and contains the following text:

'Hello!
Attention! All Your data was encrypted!
For specific informartion, please send us an email with Your ID number:
empty01@techmail.info
empty02@yahooweb.co
empty003@protonmail.com
We will help You as soon as possible!
DECRYPT-ID-[RANDOM CHARACTERS]'

PC security researchers strongly advise computer users to avoid contacting the people responsible for the Empty Ransomware at the email addresses listed in the Empty Ransomware ransom note. It is very unlikely that they will help the victims recover their files and, even if they do, it is likely that the victim will be targeted for additional tactics (having demonstrated a willingness to pay once).
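The two on-disk indicators described above (the '.empty' extension and the '_HELP_INSTRUCTION.txt' note) can be checked for during triage. The following is an added example, not code from the original article; the function names, the sample file names and the ID pattern are assumptions, and the sample tree is constructed for a dry run.

```python
import os
import re
import tempfile

NOTE_NAME = "_HELP_INSTRUCTION.txt"   # ransom note name given on this page
ENC_EXT = ".empty"                    # extension appended to encrypted files
# The note ends with 'DECRYPT-ID-[RANDOM CHARACTERS]'; the ID's character set
# is not documented on the page, so this pattern is an assumption.
ID_RE = re.compile(r"DECRYPT-ID-[^\s']+")


def scan_tree(root):
    """Walk root and collect the on-disk indicators described above."""
    report = {"encrypted": [], "notes": [], "ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENC_EXT):
                report["encrypted"].append(path)
            elif name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        report["ids"].update(ID_RE.findall(fh.read(65536)))
                except OSError:
                    pass  # unreadable note: still reported by path
    return report


def build_sample(root):
    """Constructed sample tree (not real malware output) for a dry run."""
    docs = os.path.join(root, "Documents")
    desktop = os.path.join(root, "Desktop")
    os.makedirs(docs)
    os.makedirs(desktop)
    for name in ("budget.xlsx.empty", "photo.jpg.empty", "notes.txt"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(desktop, NOTE_NAME), "w") as fh:
        fh.write("Attention! All Your data was encrypted!\n"
                 "DECRYPT-ID-SAMPLE0000\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan_tree(tmp)
        print(len(result["encrypted"]), "encrypted files,",
              len(result["notes"]), "note(s), IDs:", sorted(result["ids"]))
```

Pointing `scan_tree` at a user profile or file share gives a quick count of affected files and the victim ID to record in the incident ticket before restoring from backup.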

Dealing with the Empty Ransomware

Since the people responsible for the Empty Ransomware cannot be trusted to deliver the decryption key and, even if they do, it may cost more than a thousand US dollars in ransom payments, preventive measures are the key to dealing with ransomware Trojans like the Empty Ransomware. The best preventive measure to protect your data from the Empty Ransomware is to use a reliable backup system. Having file backups means that the victims of the Empty Ransomware attack have no need to comply with the Empty Ransomware's conditions and can, instead, restore the affected files from a backup copy. This, coupled with a reliable security program, is the best protection against threats like the Empty Ransomware.
