EnCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 437
First Seen: July 6, 2017
Last Seen: June 23, 2022
OS(es) Affected: Windows

The EnCrypt Ransomware is an encryption ransomware Trojan, a category of threats that work by taking the victim's files hostage. To do this, the EnCrypt Ransomware uses a strong encryption algorithm to encrypt the affected files, preventing the victim from accessing the encrypted data. Once the EnCrypt Ransomware has encrypted the victim's files, it demands a ransom in exchange for the decryption key or program necessary to recover them. There are many ways in which threats like the EnCrypt Ransomware may be distributed to victims. The most common of them is the use of corrupted email attachments, which are delivered to victims through spam messages. These attachments carry macro-enabled documents, and the macros download and install the EnCrypt Ransomware onto the victim's computer.

The Uninspired Name of the EnCrypt Ransomware

While threats like the EnCrypt Ransomware can be delivered in a variety of ways (such as entering the victim's computer directly, through websites infected with exploit kits, or through bogus downloads on peer-to-peer file sharing networks), the most common delivery method is the use of corrupted DOCX files, which use macros to install the EnCrypt Ransomware on the victim's computer. Once the EnCrypt Ransomware is installed, it scans the victim's drives for files to encrypt. The EnCrypt Ransomware encrypts the files on the victim's drives, as well as on all storage associated with the infected PC, including removable memory devices connected to the infected computer and directories shared on a network.
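As an added example (not part of the original write-up and not taken from the malware), the following Python check inspects an attachment's OOXML container for VBA macro parts, the delivery mechanism described above, by looking at the file's contents rather than its extension. The function names `ooxml_macro_indicators` and `build_sample` are illustrative, and the sample documents are constructed in memory.

```python
import io
import zipfile

# Part names and content-type markers that indicate VBA in an OOXML package.
VBA_PART_SUFFIXES = ("vbaproject.bin", "vbadata.xml")
MACRO_CONTENT_TYPES = (b"macroenabled", b"vnd.ms-office.vbaproject")


def ooxml_macro_indicators(data: bytes) -> list:
    """Return the reasons an Office Open XML file looks macro-bearing.

    An empty list means no VBA indicators were found. A file that is not a
    valid ZIP container is reported as well, because a malformed "DOCX"
    attachment deserves a closer look before it reaches a mailbox.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a ZIP/OOXML container"]
    reasons = []
    with zf:
        names = zf.namelist()
        for name in names:
            if name.lower().endswith(VBA_PART_SUFFIXES):
                reasons.append(f"VBA part present: {name}")
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").lower()
            for marker in MACRO_CONTENT_TYPES:
                if marker in types:
                    reasons.append(f"content type declares: {marker.decode()}")
    return reasons


def build_sample(with_macro: bool) -> bytes:
    """Build a minimal OOXML-like ZIP (constructed sample, no real VBA code)."""
    ct = ('<Types><Override PartName="/word/document.xml" ContentType="application/'
          'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_macro:
            ct += ('<Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
        zf.writestr("[Content_Types].xml", ct + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, ooxml_macro_indicators(sample))
```

A mail gateway or triage script can quarantine any attachment for which the returned list is non-empty.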

How Con Artists may Profit from the EnCrypt Ransomware

The EnCrypt Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. Apart from doing this, the EnCrypt Ransomware will also delete the Shadow Volume Copies of the affected files and remove other possible recovery methods. After doing this, the EnCrypt Ransomware displays a ransom note on the infected computer, which informs the victim of the attack, demands the payment of a ransom, and provides instructions on how to carry out the payment. Below is the full text of the EnCrypt Ransomware's ransom note:

'YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
---
The only way to decrypt your files is to receive the private key and decryption program.
To decrypt your files you need to buy the private key
---
HOW TO GET THE PRIVATE KEY?
1. Create a Bitcoin Wallet (blockchain.info)
2. Buy necessary amount of Bitcoins (50$)
Do not forget about the transaction commission in the Bitcoin network
Here are our recommendations:
Korbit.co.kr - Bitcoin, Ethereum & Ripple Trading In Korea
btcdirect.eu - A good service for Europe
bittylicious.com - Get BTC via Visa / MC or SEPA (EU) bank transfer
localbitcoins.com - This service allows you to search for people that want to sell Bitcoins directly (WU, Cash, SEPA, Paypal, etc).
cex.io - Buy Bitcoins using Visa / Mastercard or Wire Transfer.
coincafe.com - It is recommended for the fast and easy service. Payment methods: Western Union, Bank of America, cash through FedEx, Moneygram, and/or wire transfer
bitstamp.net - Old and proven Bitcoin dealer
coinmama.com - Visa/Mastercard
btc-e.com - Bitcoins dealer (Visa/Mastercard, etc.)
Could not find Bitcoins in your region? Try searching here:
buybitcoinworldwide.com International catalog of Bitcoins exchanges
bitcoin-net.com - Another Bitcoins sellers catalog
howtobuybitcoins.info - International catalog of Bitcoins exchanges
bittybot.co/eu - A catalog for the European Union
3. Send 50$ to the following Bitcoin address:
1H9jjVku8RPzQ4gDsA4oBQLNw9tEYHaC5X
4. Go to the following site:
http://yfkhfomk3iqod5vb.onion
5. In there site insert:
ID ([redacted])
Your btc address (the same utilized for the payment)
Your email address (to receive the key and the program for decrypt)
6. Wait 24/48h and check your email (also the spam)
---
HOW TO ACCESS TO THE WEBSITE?
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. In the "Tor Browser" open:
http://yfkhfomk3iqod5vb.onion
Note! This page is available via "Tor Browser" only.
---
Also you can use temporary addresses without using "Tor Browser".
---
1. http://yfkhfomk3iqod5vb.tor2web.org
2. http://yfkhfomk3iqod5vb.onion.link
3. http://yfkhfomk3iqod5vb.onion.nu
4. http://yfkhfomk3iqod5vb.onion.cab
5. http://yfkhfomk3iqod5vb.onion.to
---'

Do not Pay the EnCrypt Ransomware Ransom

The EnCrypt Ransomware demands the equivalent of $50 USD, paid in Bitcoin. PC security researchers strongly advise computer users to refrain from paying the EnCrypt Ransomware ransom, since paying only serves to allow con artists to develop further ransomware variants. Since attacks like the EnCrypt Ransomware are becoming increasingly common, take preventive measures to avoid an infection, such as keeping file backups and installing a reliable security program that is fully up-to-date.
