Encfiles Ransomware
The Encfiles Ransomware is a hurtful threat that could cause significant damage to the systems it is deployed on. Like most ransomware, Encfiles also carries a strong encryption routine with which it locks the targeted file types, including documents, photos, images, archives, PDFs, databases and more. The Encfiles Ransomware is a variant of a previously identified threat known as the Amnesia Ransomware.
The names of the encrypted files will be changed completely. Victims will notice that their files' names now consist of a random string of characters, followed by '.encfiles' as a file extension. A random note will be delivered to the breached device's desktop as a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT.'
According to the cybercriminals' ransom note, apart from locking various file types, the Encfiles Ransomware also has deleted backups and data stored on NAS (Network-attached storage) devices. The attackers do not specify the sum of the ransom they are trying to extort from their victims, but they do specify that the money must be transferred in Bitcoins. A single email address at 'dataprotection@tuta.io' is provided as a potential communication channel. However, the hackers also mention that they are willing to decrypt up to 3 files with a total size of less than 10MB for free.
The full text of the ransom note is:
'Your files are now encrypted!
Your personal identifier:
All your files have been encrypted
And all your backup and NAS system deleted military grade ERASE Methods.Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.If you want take back your files please contact us.
Email : dataprotection@tuta.io
Please send both email adress for contact us
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).How to obtain Bitcoins?
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
'Buy bitcoins', and select the seller by payment method and price:
hxxps://localbitcoins.com/buy_bitcoinsAlso you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoinsAttention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.'
