Encryptd Ransomware

Encryptd Ransomware Description

There is an increasing amount of ransomware threats that rear their ugly heads daily as more and more cybercriminals try their luck in distributing them. One of these newly uncovered file-encrypting Trojans is the Encryptd Ransomware. This threat has not yet been indicated to belong to any ransomware family.

Propagation and Encryption

The infection triggers involved in the spreading of the Encryptd Ransomware have not yet been confirmed with any certainty. Some believe that propagation via mass spam email campaigns is the most likely method used in the case of the Encryptd Ransomware. What this would entail is an email with a message, which was crafted using a variety of social engineering tricks carefully. The goal of this message is to convince the user that the unsafe attachment, which is accompanying the email, is safe, and the user should launch it on their systems as its contents are important. However, opening the attached file will trigger the execution of the Encryptd Ransomware on the compromised host. This ransomware threat goes after a very long list of file types that are likely to be present on any regular user's computer. Files such as .mp3, .mp4, .doc, .docx, .pdf, .ppt, .pptx, .rar, .jpg, .jpeg are going to be on the Encryptd Ransomware’s list certainly. Then, this ransomware threat will begin locking all the targeted data using an encryption algorithm. When the Encryptd Ransomware locks a file, it also adds a '.encryptd' extension to its name. This means that a file that was named 'Silver-Eyelash.jpeg' initially will be renamed to 'Silver-Eyelash.jpeg.encryptd' when the Encryptd Ransomware is done locking it.

The Ransom Note

When the Encryptd Ransomware finishes encrypting the files, it will proceed with the attack by dropping a ransom note called 'README_FOR_DECRYPT.txt,' which states:

’All your data has been locked(crypted).
How to unclock(decrypt) instruction located in this website: http://194.67.203.74/order/[redacted 32 byte alphanum]

Or this TOR website: http://yehc74wh3f5p2sbw.onion/order/[redacted 32 byte alphanum]
Use TOR browser for access .onion websites.
https://duckduckgo.com/html?q=tor+browser+how+to
Do NOT remove this file and NOT remove last line in this file!

WIN ID: [redacted base64 of ID]’

As you can see, the note is rather short. In it, the attackers do not mention a ransom fee or a mean of contacting them like most authors of ransomware threats do. However, they have given a link to a website that is meant to contain instructions. There is also a link to the same page located on the Deep Web, which is only accessible via the Tor browser.

Trying to cooperate with cybercriminals will do more harm than good surely There is absolutely no guarantee that you will be provided with the decryption key you need even if you give in to the demands of the creators of the Encryptd Ransomware. Many users have been tricked into paying a ransom fee while the attackers never intended to send them the decryption tool in the first place. This is why it is a much safer approach to download and install a legitimate anti-malware application, which will help you in removing the Encryptd Ransomware from your system.

Do You Suspect Your PC May Be Infected with Encryptd Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Encryptd Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.