EncryptedBatch Ransomware

By GoldSparrow in Ransomware

The EncryptedBatch Ransomware is an encryption ransomware Trojan. It differs from most encryption ransomware Trojans currently active in that it runs as a batch script. Its purpose, however, is identical to that of most encryption ransomware Trojans: it enciphers the victim's files and then requests a ransom payment to supposedly return access to the affected files.

Why the Criminals Create Threats Like the EncryptedBatch Ransomware

The EncryptedBatch Ransomware is most commonly installed on a victim's computer after the victim opens a corrupted spam email attachment or attempts to download a compromised file, generally disguised as something else. The EncryptedBatch Ransomware is quite small and runs a very simple attack, which can generally be intercepted by most security programs. Once installed, it runs commands on the Command Line (cmd.exe) to use Windows' encryption technology to make the victim's files inaccessible. It marks each file it encrypts by appending a file extension made up of the string '.Encrypted' plus an ascending sequence of numbers, such as the following:

.Encrypted0
.Encrypted1
.Encrypted2
.Encrypted3
.Encrypted4
.Encrypted5
...
.Encrypted100
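The naming pattern above gives responders a simple way to scope the damage on a host. The following sketch is an added example, not code from the original article or from the threat itself: it walks a directory tree, finds files whose names end in '.Encrypted' plus a number, and summarizes them per directory. The function names, the flagging threshold, the sample file names, and the assumption that the original file name stays in front of the marker are all illustrative.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Suffix described on the page: '.Encrypted' followed by a decimal counter.
# Assumption: the original file name remains in front of the marker.
MARKER = re.compile(r"^(?P<stem>.+)\.Encrypted(?P<seq>\d+)$", re.IGNORECASE)


def find_marked_files(root):
    """Walk root; return {directory: [(original_name, seq), ...]} for marked files."""
    hits = defaultdict(list)
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        m = MARKER.match(path.name)
        if m:
            hits[str(path.parent)].append((m.group("stem"), int(m.group("seq"))))
    return {d: sorted(v, key=lambda t: t[1]) for d, v in hits.items()}


def summarize(hits, min_files=3):
    """Per-directory summary; min_files is a hypothetical triage threshold."""
    report = []
    for directory, files in sorted(hits.items()):
        seqs = [seq for _, seq in files]
        report.append({
            "directory": directory,
            "count": len(files),
            "seq_range": (min(seqs), max(seqs)),
            "flagged": len(files) >= min_files,
        })
    return report


def build_sample_tree(base):
    """Constructed sample data: empty files with made-up names, for the demo only."""
    docs, pics = Path(base) / "Documents", Path(base) / "Pictures"
    docs.mkdir()
    pics.mkdir()
    for name in ("report.docx.Encrypted0", "budget.xlsx.Encrypted1",
                 "notes.txt.Encrypted2", "untouched.pdf"):
        (docs / name).touch()
    (pics / "photo.jpg.Encrypted3").touch()
    (pics / "Encrypted.png").touch()  # ordinary file name, must not match
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in summarize(find_marked_files(build_sample_tree(tmp))):
            print(row)
```

Run against a real profile directory, the per-directory counts show which folders need to be restored from backup.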

The EncryptedBatch Ransomware targets user-generated files, commonly affecting directories such as the Documents folder. The files targeted by threats like the EncryptedBatch Ransomware include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The EncryptedBatch Ransomware’s Ransom Demand

After the EncryptedBatch Ransomware has made the victim's files inaccessible, it displays a program window on the victim's computer. First, this program window will display the following message:

'Your Files Have been Encrypted. Press any key to continue...'

After the victim presses a key on their keyboard, the EncryptedBatch Ransomware will display the following message:

'To Get Your Files Back
You Have To Enter The Decryption Key.
Enter password to Unlock Your Files
>[text input prompt]'

However, there is no contact information associated with the EncryptedBatch Ransomware, and there does not seem to be any way for the victims to obtain a decryption key. Because of this, the EncryptedBatch Ransomware essentially functions as a data wiper, since the victim's data will be lost completely after an EncryptedBatch Ransomware attack.

Dealing with the EncryptedBatch Ransomware

The best protection against threats like the EncryptedBatch Ransomware is to have backup copies of your files. Apart from file backups, computer users should use a security program to prevent the EncryptedBatch Ransomware from being installed in the first place. It is also crucial that computer users avoid common infection vectors, such as spam email attachments and unsafe file downloads.
