
EnCiPhErEd Ransomware

Many creators of ransomware threats take the easy route and base their threatening products on already existing, and often well-established, data-locking Trojans. This appears to be what the creators of the newly uncovered EnCiPhErEd Ransomware did. The authors of this nasty Trojan have based their creation on the Xorist Ransomware. Taking this approach saves the cyber crooks a lot of time and effort, which is why it is so popular in the world of cybercrime.

Propagation and Encryption

The most commonly utilized infection vector for ransomware threats is spam email campaigns. The attackers target a large number of unsuspecting users, who receive an email that claims to be sent by a government body or a well-regarded company. Usually, the email contains a fake attachment and a bogus message that attempts to convince the user to execute the attached file, which will compromise the targeted system. Malvertising campaigns, fake pirated variants of popular applications, fraudulent software updates, and downloads are also among the commonly used propagation methods.

Once it has compromised a system, the EnCiPhErEd Ransomware begins locking all the data present on it. Images, documents, audio files, videos, spreadsheets, databases, and archives will all be rendered unusable after the EnCiPhErEd Ransomware applies its encryption algorithm and locks them. All the encrypted files will receive an additional extension - '.EnCiPhErEd'. This means that a file that was originally named 'frosty-window.jpeg' will have its name altered to 'frosty-window.jpeg.EnCiPhErEd' after this Trojan has locked it.

The Ransom Note

The ransom note that the EnCiPhErEd Ransomware drops on the user's desktop is called 'HOW TO DECRYPT FILES.txt'. The EnCiPhErEd Ransomware also displays a ransom message in a separate pop-up window. In the ransom note, the attackers ask the user to send a text message to a Chinese phone number - '+86 17192175113'. The attackers also tell the victim what the contents of the text message ought to be - '19283'. Cybersecurity researchers strongly advise users not to comply with the cyber crooks' instructions.

According to experts, it is likely that the EnCiPhErEd Ransomware is decryptable for free. Users whose data has been affected by the EnCiPhErEd Ransomware need to search for the 'Xorist Decryptor' online. This is a freely available decryption tool that may help you recover your data. Even if no tool were available, it would still not be a good idea to cooperate with the attackers, as they often trick the users who pay up and never deliver the decryption key they need.
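
The appended '.EnCiPhErEd' extension and the 'HOW TO DECRYPT FILES.txt' note described above are enough to scope which files were hit before attempting recovery. The following Python script is an added example, not part of the original article or of any vendor tool; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".EnCiPhErEd"           # extension named in the article
NOTE_NAME = "HOW TO DECRYPT FILES.txt"  # ransom note name from the article


def triage(root):
    """Walk root; list locked files with original names, notes, and type counts."""
    locked, notes, types = [], [], Counter()
    suffix = LOCKED_SUFFIX.lower()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Case-insensitive match: Windows file names are case-insensitive by default.
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
            elif name.lower().endswith(suffix) and len(name) > len(suffix):
                original = name[: -len(suffix)]  # name before it was locked
                locked.append((path, original))
                types[Path(original).suffix.lower() or "(none)"] += 1
    return {"locked": sorted(locked), "notes": sorted(notes), "types": dict(types)}


def build_sample_tree(root):
    """Constructed sample: empty files that only mimic the naming pattern."""
    for rel in (
        "Desktop/HOW TO DECRYPT FILES.txt",
        "Pictures/frosty-window.jpeg.EnCiPhErEd",
        "Documents/budget.xlsx.EnCiPhErEd",
        "Documents/notes.txt",             # untouched file
        "Documents/about-EnCiPhErEd.txt",  # mentions the name, not locked
    ):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for path, original in report["locked"]:
            print(f"locked: {path}  (was {original})")
        for note in report["notes"]:
            print(f"note:   {note}")
        print("types: ", report["types"])
```

Point `triage()` at a mounted copy or backup of the affected volume rather than the live system, and keep the resulting list to check which files a decryption tool actually restores.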

