Encrp Ransomware
So far, the Encrp Ransomware has not been classified as belonging to any of the existing ransomware families, which means that it can be considered as a unique crypto locker threat. That doesn't mean that it deviates from what is considered the norm for these malware types necessarily.
The Encrp Ransomware still aims to infiltrate the targeted computer where it performs an encryption process on nearly all of the stored files sneakily. Affected users are then extorted by the hackers for the potential restoration of the locked data. Every file encrypted by the Encrp Ransomware will have '.encrp' appended as a new extension to its original name. The note with instruction from the criminals is delivered as a text file named '__READ_ME_TO_RECOVER_YOUR_FILES.txt.' A copy of the note will be dropped in every folder that has encrypted files.
According to the ransom instructions, the Encrp Ransomware victims are to establish communication by sending an email to the provided address at 'nhands_q647t@pudxe.com.' Before that, however, victims are expected to send the sum of $200 in Bitcoin to the cryptocurrency wallet address found in the ransom note. Once the transaction is complete, the transfer ID and the unique ID assigned to the victim (also found in the ransom note) must be included in the email message.
The complete text of the instructions left by the Encrp Ransomware is:
'Hello, your files were encrypted and are currently unusable.
The only way to recover your files is decrypting them with a key that only we have.
In order for us to send you the key and the application to decrypt your files, you will have to make a transfer of Bitcoins
to an electronic wallet. We leave you here the data to make the bitcoins transfer.
Bitcoin wallet: 398sW5eMDvyr93CJHKRD3eYE9vK5ELVrHP
Transfer the amount of bitcoins equivalent to 200 USD.
Your computer ID is:
Once you make the transfer of bitcoins, send us the transfer ID and your computer ID to our email: nhands_q647t@pudxe.com
When we verify the transfer we will send you your key and the decryption application.'
The last thing you should do is pay the attackers. The people behind the virus are extortionists that want you to pay a ransom in return for them allegedly returning your files to you, much like with other ransomware variants. However, there are many cases where people make the payment but do not get their files back. The chances of you getting the decryption key you pay for are actually low. There are many cases where the attackers don’t even have a decryption key of their own, turning the entire ransom note into a huge bluff. Victims are so afraid of losing their files that they are willing to believe anything that could give them a chance of getting it back. This is the secret to the success of ransomware.
The Encrp ransomware can alter the Windows Registry to achieve persistence on your machine. It can also launch or stop Windows processes. One nasty trick the virus has up its sleeves is deleting Shadow Volume Copies of data. These are the copies stored locally on your machine used for System Restore and other backup features. Deleting these copies makes it more of a challenge to restore your files normally.
With that said, restoring your files yourself is your best bet. Use a backup copy on an external device or from the cloud to get your data back. We recommend removing the virus first to prevent these external devices from also being encrypted. Most anti-malware and antivirus programs can detect and remove the infection, but unfortunately, that isn’t enough to undo the damage. Removing Encrp only prevents further damage.
Remember to practice good digital hygiene when using your computer to prevent malware attacks. Avoid doing anything important or personal, such as online banking, when using public Wi-Fi. Avoid illegal downloads and file sharing websites as well. Torrent sites, in particular, are a breeding ground for computer problems. While there is nothing inherently wrong with freeware, make sure to check reviews and download programs through official websites and trusted third-party sites. Anyone who had a bad experience with freeware that turned out to be a virus would let others know about it.
