Threat Database Ransomware EncoderCSL Ransomware

EncoderCSL Ransomware

The EncoderCSL Ransomware is a brand-new data-encrypting Trojan. After studying this threat, malware analysts found that this is a variant of the HiddenTear Ransomware. The HiddenTear Ransomware was developed with only good intentions as it was meant to serve as an educational tool that could help developers learn more about file-locking Trojans. However, cyber crooks did not waste any time and took over the HiddenTear Ransomware to weaponize it.

Propagation and Encryption

It is likely that mass spam emails may be the main propagation method employed in the distribution of the EncoderCSL Ransomware. Usually, the user will receive a fraudulent email that contains a macro-laced attachment, which, once launched, will infect the targeted host. Bogus downloads, torrent trackers, fake updates, and malvertising operations also are likely infection vectors in regards to the spreading of ransomware threats. The EncoderCSL Ransomware is designed to target a long list of file types, which means that it is likely that all your data will be locked if this threat manages to compromise your computer. Documents, images, audio files, spreadsheets, databases, archives, and various other file types will be locked with the help of an encryption algorithm. The names of the affected files will be altered because the EncoderCSL Ransomware adds a ‘.locked’ extension. For example, an audio file you had named ‘silent-dusk.mp3’ will be renamed to ‘silent-dusk.mp3.locked.’

The Ransom Note

The EncoderCSL Ransomware would drop its ransom note on the user’s desktop. Then, the EncoderCSL Ransomware will launch a pop-up window that instructs the user to read the ransom message contained in a file called ‘READ_ME.txt.’ The ransom message is very brief, and the attackers do not specify a ransom sum. However, they give out an email address – ‘’ The attackers claim that victims will get further instructions once they get in touch with them via email.

The variants of the HiddenTear Ransomware tend to be decryptable for free, and the EncoderCSL Ransomware is not an exception. You do not need to contact the authors of the EncoderCSL Ransomware to recover your files, as this can be done at no cost using the HiddenTear Ransomware decryption tool.


Most Viewed