Encryptor RaaS

Encryptor RaaS Description

Encryptor RaaS refers to a family of threats that is part of a Ransomware as a Service (RaaS) operation. Its operators have set up a system that allows third parties to pay for a service that creates ransomware infections, which those third parties then distribute on their botnets or through other means. Running a ransomware operation requires work: collecting payments, delivering decryption keys and distributing profits. The Encryptor RaaS operation offers to take care of all these services, as well as providing the Encryptor RaaS malware itself, and keeps 20% of the profits from these attacks.

The Similarities Between Encryptor RaaS and Its Predecessor, Tox

In recent months, PC security analysts received reports of another RaaS operation named Tox. Tox was put up for sale by its owner, so this new Encryptor RaaS may be the result of that sale. Encryptor RaaS is substantially less sophisticated than Tox. Although effective, it is not as well implemented, either as a threat or as a service provided to other people. One particular characteristic of Encryptor RaaS is that it seems to contain references to DLL files associated with Java. This means that Encryptor RaaS may be the first ransomware infection created using Java.

Characteristics Shared by All Variants of Encryptor RaaS

There may be, effectively, any number of variants of Encryptor RaaS, because it is designed so that different individuals can create variants suited to their needs. Once Encryptor RaaS is installed, it encrypts files on the victim's computer based on their extension. The extensions targeted by Encryptor RaaS are listed below:

abw, accdb, ai, aif, arc, as, asc, asf, ashdisc, asm, asp, aspx, asx, aup, avi, bbb, bdb, bibtex, bkf, bmp, bpn, btd, bz2, c, cdi, cer, cert, cfm, cgi, cpio, cpp, crt, csr, cue, c++, dds, dem, dmg, doc, docm, docx, dsb, dwg, dxf, eddx, edoc, eml, emlx, eps, epub, fdf, ffu, flv, gam, gcode, gho, gif, gpx, gz, h, hbk, hdd, hds, hpp, h++, ics, idml, iff, img, indd, ipd, iso, isz, iwa, j2k, jp2, jpf, jpeg, jpg, jpm, jpx, jsp, jspa, jspx, jst, key, keynote, kml, kmz, lic, lwp, lzma, m3u, m4a, m4v, max, mbox, md2, mdb, mdbackup, mddata, mdf, mdinfo, mds, mid, mov, mp3, mp4, mpa, mpb, mpeg, mpg, mpj, mpp, msg, mso, nba, nbf, nbi, nbu, nbz, nco, nes, note, nrg, nri, ods, odt, ogg, ova, ovf, oxps, p2i, p65, p7, pages, pct, pdf, pem, phtm, phtml, php, php3, php4, php5, phps, phpx, phpxx, pl, plist, pmd, pmx, png, ppdf, pps, ppsm, ppsx, ppt, pptm, pptx, ps, psd, pspimage, pst, pub, pvm, qcn, qcow, qcow2, qt, ra, rar, raw, rm, rtf, s, sbf, set, skb, slf, sme, smm, spb, sql, srt, ssc, ssi, stg, stl, svg, swf, sxw, syncdb, tar, tc, tex, tga, thm, tif, tiff, toast, torrent, tpl, ts, txt, vbk, vcard, vcd, vcf, vdi, vfs4, vhd, vhdx, vmdk, vob, wbverify, wav, webm, wmb, wpb, wps, xdw, xlr, xls, xlsx, xz, yuv, zip, zipx

After Encryptor RaaS has encrypted the victim's files, it creates a ransom file on the victim's Desktop. The text of the Encryptor RaaS ransom note is in both German and English, and reads as follows:

ATTENTION!
The files on your computer have been securely encrypted by Encryptor RaaS.
To get access to your files again, follow the instructions at:
https://decryptoraveidf7.onion.to/vict?cust=&guid=

ACHTUNG!
Die Dateien auf Ihrem Computer wurden von Encryptor RaaS sicher verschluesselt.
Um den Zugriff auf Ihre Dateien wiederzuerlangen, folgen Sie der Anleitung auf:
https://decryptoraveidf7.onion.to/vict?cust=&guid=

This ransomware infection opens a Tor payment site and demands that victims make the payment in Bitcoin. The people using Encryptor RaaS's services only need to deliver their payment via Bitcoin and specify the amount of the ransom in order to create a functional ransomware attack. One fortunate aspect of Encryptor RaaS is that this attack does not delete shadow copies of infected files, meaning that it may be possible to recover the encrypted files using Shadow Explorer or other specialized tools.
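A triage check for the ransom note quoted above, written as an added example that is not part of the original article: it searches a directory tree for small files carrying the note's wording or payment URL and extracts any cust and guid values. The note's file name is not given on this page, so every small file is inspected; the size limit, the function names and the sample identifiers are assumptions made for this example.

```python
import re
import sys
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Markers copied from the English and German note text quoted on this page.
NOTE_MARKERS = ("encrypted by Encryptor RaaS",
                "von Encryptor RaaS sicher verschluesselt")
PAYMENT_URL = re.compile(r"https?://decryptoraveidf7\.onion\.to/vict\?\S*", re.I)
MAX_NOTE_BYTES = 64 * 1024  # assumption: a ransom note is a small text file
# Constructed sample: the note layout from this page with placeholder ids.
SAMPLE_NOTE = ("ATTENTION!\nThe files on your computer have been securely "
               "encrypted by Encryptor RaaS.\nhttps://decryptoraveidf7.onion.to/"
               "vict?cust=CUST-PLACEHOLDER&guid=GUID-PLACEHOLDER\n")

def inspect_note(text):
    """Return a finding dict if text matches the note, otherwise None."""
    lowered = text.lower()
    markers = [m for m in NOTE_MARKERS if m.lower() in lowered]
    urls = sorted(set(PAYMENT_URL.findall(text)))
    if not markers and not urls:
        return None
    ids = {"cust": set(), "guid": set()}
    for url in urls:
        query = parse_qs(urlsplit(url).query)  # blank values are dropped
        for key in ids:
            ids[key].update(query.get(key, []))
    return {"markers": markers, "urls": urls,
            "cust": sorted(ids["cust"]), "guid": sorted(ids["guid"])}

def scan_tree(root):
    """Walk root and return {path: finding} for every file matching the note."""
    findings = {}
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_size > MAX_NOTE_BYTES:
                continue
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable or vanished file: skip and keep scanning
        finding = inspect_note(text)
        if finding:
            findings[str(path)] = finding
    return findings

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise parse the constructed sample.
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else inspect_note(SAMPLE_NOTE))
```

Files that are not ASCII or UTF-8 encoded are not matched by this check.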
